Firefox keeps opening unwanted web pages

Posted: 10 Jan 2017 17:07
by Zanzdm
Please help, Mozilla Firefox keeps opening various websites, mainly http://www.bet365.com. I tried Malwarebytes, but it did not help. I am attaching the RSIT log.

Re: Firefox keeps opening unwanted web pages

Posted: 10 Jan 2017 17:08
by Zanzdm
Logfile of random's system information tool 1.10 (written by random/random)
Run by HF at 2017-01-10 17:01:58
Microsoft Windows 10 Home
System drive C: has 47 GB (48%) free of 100 GB
Total RAM: 8190 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:02:07, on 10. 1. 2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe
C:\Program Files\trend micro\HF.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [HP Deskjet 4620 series (NET)] "C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN249110ZT05TN:NW" -scfn "HP Deskjet 4620 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [GalaxyClient] C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "D:\Program Files (x86)\Ccleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [J9J4WH4S6Y] "C:\Program Files\NERH5YV48N\NERH5YV48.exe"
O4 - HKCU\..\Run: [DN0BOLUB1H] "C:\Program Files\XGA2TBQJOS\XGA2TBQJO.exe"
O4 - HKCU\..\Run: [RB26CLMKZL] "C:\Program Files\VOXR3SMG36\VOXR3SMG3.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: Odoslanie do programu OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Bus Service - Unknown owner - d:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Article Centered (fewojuji) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\WINDOWS\SYSTEM32\HPSISVC.EXE (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler Group, LLC - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @oem15.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15433 bytes

======Listing Processes======







C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE" /service
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\SYSTEM32\HPSISVC.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\SysWoW64\svchost.exe -k Qotackcoaback
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
C:\WINDOWS\system32\viakaraokesrv.exe
C:\WINDOWS\SysWoW64\svchost.exe -k LocalMediaService

dashost.exe {2fbe9f40-b114-431b-a0bad11951fcac4f}

C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
"C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"

C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
C:\WINDOWS\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe"
"C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004\kns8F9A.tmp"

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"dwm.exe"
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /ELEVATED
"C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN249110ZT05TN:NW" -scfn "HP Deskjet 4620 series (NET)" -AutoStart 1
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files\NERH5YV48N\NERH5YV48.exe"
"C:\Program Files\XGA2TBQJOS\XGA2TBQJO.exe"
"C:\Program Files\VOXR3SMG36\VOXR3SMG3.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-090db2ef-9bf3-45f4-9070-57e72c4e01e4 -SystemEventPortName:HostProcess-88f53e9f-deea-4aae-9615-06724f30c5d0 -IoCancelEventPortName:HostProcess-b1deba05-0225-46b8-9515-f708bc2a6c16 -NonStateChangingEventPortName:HostProcess-c1182f38-fd91-4ea0-8d2c-b7f106337978 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:56b50850-dca1-48e0-9d12-3f7aa8620945 -DeviceGroupId:WudfDefaultDevicePool
"C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe" /runWithoutUpdating
"C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe" --type=gpu-process --channel="7356.0.1494208134\1228516622" --no-sandbox --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,13,25,54,69 --gpu-vendor-id=0x10de --gpu-device-id=0x1187 --gpu-driver-vendor=NVIDIA --gpu-driver-version=21.21.13.7570 --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --mojo-platform-channel-handle=2020 /prefetch:2
"C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe" --type=renderer --enable-smooth-scrolling --js-flags=--expose-gc --no-sandbox --primordial-pipe-token=D83A38B389C80021DF4FE049BA89D65A --lang=en-US --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --disable-spell-checking --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7356.1.801101145\1502507706" --mojo-platform-channel-handle=2332 /prefetch:1
"C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe" --type=renderer --enable-smooth-scrolling --js-flags=--expose-gc --no-sandbox --primordial-pipe-token=A31EFA2A1526646E07FE0863220B6775 --lang=en-US --lang=en-US --log-file="C:\ProgramData\GOG.com\Galaxy\logs\cef.log" --log-severity=info --disable-spell-checking --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="7356.2.465346728\892398806" --mojo-platform-channel-handle=2388 /prefetch:1
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" "-cachedir=C:\Users\HF\AppData\Local\Steam\htmlcache" "-steampid=8720" "-buildid=1482202200" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --disable-spell-checking --disable-out-of-process-pac --disable-smooth-scrolling --enable-direct-write
"C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\HF\AppData\Local\Chromium\User Data\Crashpad" "--metrics-dir=C:\Users\HF\AppData\Local\Chromium\User Data" --annotation=channel= --annotation=plat=Win32 --annotation=prod= --annotation=ver=01.00.00.01-devel --handshake-handle=0x2c0
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\WINDOWS\system32\conhost.exe 0x4
"D:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "http://goodwebshow.com/redirect/5836ca80e6d5d"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"D:\Program Files (x86)\Total Commander 64bit 8.0\TOTALCMD64.EXE"
"D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="804.9.175854731\1653241803" "C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll" -greomni "D:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "D:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "D:\Program Files (x86)\Mozilla Firefox\browser" 260915DCF3A62DA7 804 "\\.\pipe\gecko-crash-server-pipe.804" plugin
"C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe" --proxy-stub-channel=Flash3120.618AE990.22312 --host-broker-channel=Flash3120.618AE990.15345 --host-pid=3120 --host-npapi-version=29 --plugin-path="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_24_0_0_186.dll"
"C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_24_0_0_186.exe" --channel=1188.012FF594.907850246 --proxy-stub-channel=Flash3120.618AE990.22312 --plugin-path="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_24_0_0_186.dll" --host-npapi-version=29 --type=renderer
C:\WINDOWS\system32\AUDIODG.EXE 0x474
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe17_ Global\UsGthrCtrlFltPipeMssGthrPipe17 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 644 648 656 8192 652
C:\Windows\System32\smartscreen.exe -Embedding
taskhostw.exe
C:\WINDOWS\system32\DllHost.exe /Processid:{133EAC4F-5891-4D04-BADA-D84870380A80}
"C:\Users\HF\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4039880186-1844316042-2073029014-1000Core.job - C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-4039880186-1844316042-2073029014-1000UA.job - C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\HF\AppData\Roaming\Mozilla\Firefox\Profiles\fwuohxmc.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.101.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.101.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 24.0.0.186 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll


C:\Users\HF\AppData\Roaming\Mozilla\Firefox\Profiles\fwuohxmc.default\extensions\
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

C:\Users\HF\AppData\Roaming\Mozilla\Firefox\Profiles\fwuohxmc.default\searchplugins\
google-default.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11 229064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL [2015-07-28 2013520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01 896288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01 2351920]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-04 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL [2015-07-28 1255248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-04 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2015-12-10 5318992]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2015-12-10 5557584]
"WindowsDefender"=C:\Program Files\Windows Defender\MSASCuiL.exe [2016-09-07 631808]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-12-07 138096]
"HP Deskjet 4620 series (NET)"=C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe [2012-10-17 2573416]
"GalaxyClient"=C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [2016-12-20 3971648]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2016-12-20 2876704]
"CCleaner Monitoring"=D:\Program Files (x86)\Ccleaner\CCleaner64.exe [2014-12-12 7394584]
"J9J4WH4S6Y"=C:\Program Files\NERH5YV48N\NERH5YV48.exe [2017-01-09 369664]
"DN0BOLUB1H"=C:\Program Files\XGA2TBQJOS\XGA2TBQJO.exe [2017-01-09 369664]
"RB26CLMKZL"=C:\Program Files\VOXR3SMG36\VOXR3SMG3.exe [2017-01-09 369664]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
""= []
"LWS"=C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [2012-09-12 204136]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-06-22 598552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Users\HF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odoslanie do programu OneNote.lnk - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-10 17:01:58 ----D---- C:\rsit
2017-01-10 17:01:58 ----D---- C:\Program Files\trend micro
2017-01-09 13:09:57 ----A---- C:\WINDOWS\ntbtlog.txt
2017-01-09 11:46:45 ----D---- C:\Users\HF\AppData\Roaming\Gireshckcge
2017-01-09 11:46:45 ----D---- C:\Program Files (x86)\Zohtckileied Configuration
2017-01-09 11:46:42 ----D---- C:\Program Files (x86)\Anomusyercit
2017-01-09 10:20:16 ----D---- C:\Program Files\VOXR3SMG36
2017-01-09 10:11:05 ----D---- C:\Program Files\XGA2TBQJOS
2017-01-09 10:11:05 ----D---- C:\Program Files\NERH5YV48N
2017-01-09 10:11:02 ----D---- C:\Program Files (x86)\baidu
2017-01-09 10:11:00 ----D---- C:\Program Files (x86)\mpck
2017-01-09 10:10:45 ----D---- C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004
2017-01-09 10:10:35 ----AD---- C:\Program Files\RunBooster
2017-01-09 10:10:35 ----A---- C:\WINDOWS\system32\drivers\WinDivert64.sys
2017-01-09 10:08:00 ----D---- C:\ProgramData\Microleaves
2017-01-09 10:07:52 ----A---- C:\Users\HF\AppData\Roaming\coreavc.ini
2017-01-09 10:07:49 ----D---- C:\ProgramData\SaFiPlayer
2017-01-09 10:06:39 ----D---- C:\Program Files\SaFiPlayer
2017-01-09 10:06:05 ----D---- C:\Program Files (x86)\UCBrowser
2017-01-09 10:05:12 ----D---- C:\Program Files (x86)\Microleaves
2017-01-09 10:04:59 ----D---- C:\Users\HF\AppData\Roaming\Microleaves
2017-01-09 10:04:26 ----D---- C:\Users\HF\AppData\Roaming\Arolertainmekeing
2017-01-09 10:04:25 ----D---- C:\Users\HF\AppData\Roaming\Profiles
2017-01-09 10:04:24 ----D---- C:\Program Files (x86)\Arorit
2016-12-28 22:27:32 ----D---- C:\Users\HF\AppData\Roaming\Amanita-Design.Samorost3
2016-12-14 21:29:41 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2016-12-14 21:29:41 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2016-12-14 21:29:41 ----A---- C:\WINDOWS\SYSWOW64\AppXDeploymentClient.dll
2016-12-14 21:29:41 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 21:29:40 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2016-12-14 21:29:40 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2016-12-14 21:29:40 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 21:29:40 ----A---- C:\WINDOWS\system32\ole32.dll
2016-12-14 21:29:40 ----A---- C:\WINDOWS\system32\msi.dll
2016-12-14 21:29:40 ----A---- C:\WINDOWS\system32\msdtctm.dll
2016-12-14 21:29:39 ----A---- C:\WINDOWS\SYSWOW64\TextInputFramework.dll
2016-12-14 21:29:39 ----A---- C:\WINDOWS\SYSWOW64\InputService.dll
2016-12-14 21:29:39 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 21:29:39 ----A---- C:\WINDOWS\system32\hvloader.exe
2016-12-14 21:29:39 ----A---- C:\WINDOWS\system32\hvix64.exe
2016-12-14 21:29:39 ----A---- C:\WINDOWS\system32\hvax64.exe
2016-12-14 21:29:39 ----A---- C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 21:29:38 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 21:29:38 ----A---- C:\WINDOWS\SYSWOW64\InputLocaleManager.dll
2016-12-14 21:29:38 ----A---- C:\WINDOWS\SYSWOW64\EditBufferTestHook.dll
2016-12-14 21:29:37 ----A---- C:\WINDOWS\SYSWOW64\WordBreakers.dll
2016-12-14 21:29:37 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 21:29:37 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 21:29:37 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 21:29:37 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 21:29:36 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 21:29:36 ----A---- C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 21:29:36 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 21:29:35 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 21:29:35 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 21:29:35 ----A---- C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 21:29:35 ----A---- C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 21:29:34 ----A---- C:\WINDOWS\system32\aadtb.dll
2016-12-14 21:29:34 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 21:29:33 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2016-12-14 21:29:33 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2016-12-14 21:29:32 ----A---- C:\WINDOWS\system32\InputService.dll
2016-12-14 21:29:31 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2016-12-14 21:29:31 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2016-12-14 21:29:31 ----A---- C:\WINDOWS\SYSWOW64\sspicli.dll
2016-12-14 21:29:31 ----A---- C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 21:29:31 ----A---- C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 21:29:31 ----A---- C:\WINDOWS\system32\win32k.sys
2016-12-14 21:29:31 ----A---- C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 21:29:31 ----A---- C:\WINDOWS\system32\ShareHost.dll
2016-12-14 21:29:31 ----A---- C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 21:29:31 ----A---- C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 21:29:30 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-12-14 21:29:30 ----A---- C:\WINDOWS\system32\user32.dll
2016-12-14 21:29:30 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 21:29:30 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-12-14 21:29:29 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-12-14 21:29:29 ----A---- C:\WINDOWS\system32\cdp.dll
2016-12-14 21:29:27 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2016-12-14 21:29:27 ----A---- C:\WINDOWS\system32\securekernel.exe
2016-12-14 21:29:27 ----A---- C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 21:29:26 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2016-12-14 21:29:26 ----A---- C:\WINDOWS\system32\gdi32full.dll
2016-12-14 21:29:26 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 21:29:25 ----A---- C:\WINDOWS\system32\winresume.exe
2016-12-14 21:29:25 ----A---- C:\WINDOWS\system32\winload.exe
2016-12-14 21:29:25 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 21:29:24 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 21:29:23 ----A---- C:\WINDOWS\SYSWOW64\WinTypes.dll
2016-12-14 21:29:23 ----A---- C:\WINDOWS\SYSWOW64\LicenseManager.dll
2016-12-14 21:29:23 ----A---- C:\WINDOWS\SYSWOW64\CoreMessaging.dll
2016-12-14 21:29:23 ----A---- C:\WINDOWS\SYSWOW64\combase.dll
2016-12-14 21:29:23 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2016-12-14 21:29:23 ----A---- C:\WINDOWS\system32\WinTypes.dll
2016-12-14 21:29:23 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-12-14 21:29:23 ----A---- C:\WINDOWS\system32\combase.dll
2016-12-14 21:29:23 ----A---- C:\WINDOWS\system32\acmigration.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\SYSWOW64\wincorlib.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\SYSWOW64\ShareHost.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\SYSWOW64\mdmregistration.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\SYSWOW64\bcrypt.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\system32\wincorlib.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2016-12-14 21:29:22 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2016-12-14 21:29:22 ----A---- C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 21:29:22 ----A---- C:\WINDOWS\system32\bcrypt.dll
2016-12-14 21:29:22 ----A---- C:\WINDOWS\system32\appraiser.dll
2016-12-14 21:29:21 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2016-12-14 21:29:21 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-12-14 21:29:21 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2016-12-14 21:29:21 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-12-14 21:29:20 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-12-14 21:29:20 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-12-14 21:29:20 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-12-14 21:29:20 ----A---- C:\WINDOWS\system32\fveapibase.dll
2016-12-14 21:29:19 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-12-14 21:29:19 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 21:29:19 ----A---- C:\WINDOWS\system32\fveapi.dll
2016-12-14 21:29:19 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2016-12-14 21:29:18 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 21:29:18 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-12-14 21:29:18 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2016-12-14 21:29:18 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2016-12-14 21:29:18 ----A---- C:\WINDOWS\system32\cdd.dll
2016-12-14 21:29:17 ----A---- C:\WINDOWS\SYSWOW64\CoreUIComponents.dll
2016-12-14 21:29:16 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2016-12-14 21:29:16 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-12-14 21:29:15 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-12-14 21:29:15 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-12-14 21:29:14 ----A---- C:\WINDOWS\system32\sspicli.dll
2016-12-14 21:29:14 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 21:29:13 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 21:29:13 ----A---- C:\WINDOWS\system32\CryptoWinRT.dll

======List of files/folders modified in the last 1 month======

2017-01-10 17:02:05 ----D---- C:\WINDOWS\Prefetch
2017-01-10 17:01:58 ----RD---- C:\Program Files
2017-01-10 16:51:00 ----D---- C:\WINDOWS\system32\sru
2017-01-10 16:37:55 ----D---- C:\WINDOWS\Temp
2017-01-10 15:58:53 ----D---- C:\Program Files (x86)\Steam
2017-01-10 15:56:39 ----HD---- C:\Program Files\WindowsApps
2017-01-10 15:56:32 ----D---- C:\WINDOWS\AppReadiness
2017-01-09 21:27:25 ----D---- C:\Users\HF\AppData\Roaming\vlc
2017-01-09 20:08:32 ----D---- C:\WINDOWS\system32\SleepStudy
2017-01-09 15:26:23 ----D---- C:\ProgramData\Spyware Terminator
2017-01-09 14:19:39 ----D---- C:\WINDOWS\LiveKernelReports
2017-01-09 14:19:34 ----D---- C:\WINDOWS\System32
2017-01-09 13:17:22 ----D---- C:\WINDOWS\SysWOW64
2017-01-09 13:17:22 ----D---- C:\ProgramData\NVIDIA Corporation
2017-01-09 13:17:22 ----D---- C:\Program Files\NVIDIA Corporation
2017-01-09 13:17:22 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2017-01-09 13:12:46 ----D---- C:\ProgramData\NVIDIA
2017-01-09 13:09:57 ----D---- C:\Windows
2017-01-09 13:02:01 ----D---- C:\WINDOWS\Tasks
2017-01-09 12:04:22 ----D---- C:\WINDOWS\Web
2017-01-09 12:04:22 ----AD---- C:\WINDOWS\system32\drivers
2017-01-09 12:03:02 ----D---- C:\WINDOWS\Migration
2017-01-09 11:52:24 ----RD---- C:\Program Files (x86)
2017-01-09 11:52:19 ----D---- C:\WINDOWS\system32\Tasks
2017-01-09 11:34:46 ----RD---- C:\WINDOWS\Microsoft.NET
2017-01-09 11:16:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2017-01-09 10:50:36 ----HD---- C:\ProgramData
2017-01-09 10:50:36 ----D---- C:\WINDOWS\Setup
2017-01-09 10:49:45 ----D---- C:\WINDOWS\system32\catroot2
2017-01-09 10:32:30 ----D---- C:\WINDOWS\Minidump
2017-01-09 10:05:31 ----SHDC---- C:\WINDOWS\Installer
2017-01-02 10:46:03 ----SHD---- C:\System Volume Information
2016-12-23 22:04:36 ----D---- C:\WINDOWS\system32\config
2016-12-20 22:28:17 ----RD---- C:\WINDOWS\assembly
2016-12-20 22:28:15 ----AD---- C:\ProgramData\regid.1991-06.com.microsoft
2016-12-20 22:27:31 ----AD---- C:\Program Files\Microsoft Office 15
2016-12-20 11:41:01 ----AD---- C:\Program Files (x86)\GalaxyClient
2016-12-16 13:06:14 ----D---- C:\WINDOWS\rescache
2016-12-16 01:41:00 ----D---- C:\WINDOWS\WinSxS
2016-12-15 01:08:49 ----D---- C:\WINDOWS\SYSWOW64\en-US
2016-12-15 01:08:49 ----D---- C:\WINDOWS\system32\en-US
2016-12-15 01:08:48 ----D---- C:\WINDOWS\system32\DriverStore
2016-12-15 01:08:48 ----D---- C:\WINDOWS\system32\Boot
2016-12-15 01:08:48 ----D---- C:\WINDOWS\ShellExperiences
2016-12-15 01:08:48 ----D---- C:\WINDOWS\AppPatch
2016-12-15 01:03:08 ----D---- C:\WINDOWS\system32\Macromed
2016-12-15 01:03:04 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2016-12-14 21:54:03 ----D---- C:\WINDOWS\CbsTemp
2016-12-14 21:47:40 ----D---- C:\WINDOWS\system32\MRT
2016-12-14 21:43:56 ----AC---- C:\WINDOWS\system32\MRT.exe
2016-12-12 00:56:25 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-12-11 10:34:13 ----D---- C:\WINDOWS\INF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-07-16 88576]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-07-16 8192]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\D:\Program Files (x86)\HWiNFO64\HWiNFO64A.SYS [2012-05-10 30592]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2016-07-16 48128]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\WINDOWS\system32\DRIVERS\stflt.sys [2014-11-22 51496]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2016-07-16 78336]
R3 dg_ssudbus;@oem14.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-07-22 130688]
R3 dtldrvhelp;dtldrvhelp; \??\c:\program files\safiplayer\dtldrvhelp64.sys [2016-12-29 58960]
R3 MQAC;@mqutil.dll,-6101; C:\WINDOWS\system32\drivers\mqac.sys [2016-08-07 175616]
R3 MTsensor;@oem20.inf,%ASACPI.DisplayName%;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2013-05-17 17280]
R3 NVHDA;@oem40.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2016-10-26 212936]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_848dea456d3c865e\nvlddmkm.sys [2016-10-26 14159928]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 28216]
R3 nvvad_WaveExtensible;@oem34.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2016-04-14 56384]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2016-07-16 589824]
R3 ssudmdm;@oem3.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-07-22 164992]
R3 StillCam;@sti.inf,%StillCam.SvcDesc%;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2016-07-16 12800]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-07-16 105824]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-07-16 101216]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2016-07-16 58720]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2016-07-16 61792]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2016-07-16 32096]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2016-07-16 9728]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-07-16 38912]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-09-10 118272]
S3 dtproscsibus;@oem31.inf,%DTPROSCSIBUS.DeviceDesc%;DAEMON Tools Pro Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [2016-08-21 30264]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus; C:\WINDOWS\system32\DRIVERS\dtscsibus.sys [2015-01-28 29864]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2015-01-21 283064]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-07-16 20480]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-07-16 50016]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-08-06 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2016-07-16 81408]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-07-16 176384]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2016-07-16 526176]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-07-16 842584]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2016-07-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2016-07-16 928608]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmCx.sys [2016-07-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [2016-07-16 108544]
S3 UcmUcsi;@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client; C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-07-16 50688]
S3 UdeCx;USB Device Emulation Support Library; C:\WINDOWS\system32\drivers\udecx.sys [2016-07-16 45568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 CDPUserSvc_1915a7f;CDPUserSvc_1915a7f; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 ClickToRunSvc;Služba Klikni a spusti balíka Microsoft Office; C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE [2016-11-01 3042032]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 fewojuji;Article Centered; C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004\kns8F9A.tmp [2017-01-09 460800]
R2 HPSIService;HP SI Service; C:\WINDOWS\SYSTEM32\HPSISVC.EXE [2010-04-07 127800]
R2 MSMQ;@mqutil.dll,-6102; C:\WINDOWS\system32\mqsvc.exe [2016-08-07 26112]
R2 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-10-25 458176]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-06-15 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-06-15 2522680]
R2 OneSyncSvc_1915a7f;Sync Host_1915a7f; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 Qotackcoaback;Qotackcoaback; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 SaFiSvc;Local Media Service; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2015-12-10 3267408]
R2 tiledatamodelsvc;@%SystemRoot%\system32\tileobjserver.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-06-15 3634232]
R3 PimIndexMaintenanceSvc_1915a7f;Kontaktné údaje_1915a7f; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-12-20 1467168]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08 144200]
S2 KMService;KMService; C:\WINDOWS\syswow64\srvany.exe [2014-12-30 8192]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2016-07-16 136360]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 SkypeUpdate;Skype Updater; D:\Program Files (x86)\Skype\Updater\Updater.exe [2015-01-02 315488]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2014-11-26 68096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-15 270936]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2016-07-16 52920]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-07-16 93184]
S3 Disc Soft Bus Service;Disc Soft Bus Service; d:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe []
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 GalaxyClientService;GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [2016-12-20 284224]
S3 GalaxyCommunication;GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [2016-11-10 6625856]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08 144200]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 MessagingService_1915a7f;MessagingService_1915a7f; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-09-20 2057736]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-02-24 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-02-24 5132888]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-09-07 1312768]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 TieringEngineService;@%SystemRoot%\system32\TieringEngineService.exe,-702; C:\WINDOWS\system32\TieringEngineService.exe [2016-07-16 287744]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S4 tzautoupdate;@%SystemRoot%\system32\tzautoupdate.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]

-----------------EOF-----------------

Re: Firefox keeps opening unwanted websites

Posted: 10 Jan 2017 17:41
by altrok
I wish you a lovely day :bye:


:arrow: As part of the cleanup, your temporary directories will be emptied (emptying the Recycle Bin and temp folders, clearing browser caches, etc.).


:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If you have trouble downloading FRSTLauncher, it is enough to use FRST.exe/FRST64.exe on its own.

Re: Firefox keeps opening unwanted websites

Posted: 10 Jan 2017 17:52
by Zanzdm
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by HF (administrator) on HF-PC (10-01-2017 17:45:41)
Running from C:\Users\HF\Downloads
Loaded Profiles: HF (Available Profiles: HF & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
() C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004\kns8F9A.tmp
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files\NERH5YV48N\NERH5YV48.exe
() C:\Program Files\XGA2TBQJOS\XGA2TBQJO.exe
() C:\Program Files\VOXR3SMG36\VOXR3SMG3.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Ghisler Software GmbH) D:\Program Files (x86)\Total Commander 64bit 8.0\TOTALCMD64.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [5318992 2015-12-10] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [5557584 2015-12-10] (Crawler Group, LLC)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [Facebook Update] => C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-12-07] (Facebook Inc.)
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [HP Deskjet 4620 series (NET)] => C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [3971648 2016-12-20] (GOG.com)
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [CCleaner Monitoring] => D:\Program Files (x86)\Ccleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [J9J4WH4S6Y] => C:\Program Files\NERH5YV48N\NERH5YV48.exe [369664 2017-01-09] ()
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [DN0BOLUB1H] => C:\Program Files\XGA2TBQJOS\XGA2TBQJO.exe [369664 2017-01-09] ()
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [RB26CLMKZL] => C:\Program Files\VOXR3SMG36\VOXR3SMG3.exe [369664 2017-01-09] ()
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-07] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-11-26]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\HF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odoslanie do programu OneNote.lnk [2015-07-10]
ShortcutTarget: Odoslanie do programu OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{aeaadf67-9893-4422-af13-2bc8efd56a19}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation)
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2015-07-28] (Crawler Group, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-04] (Oracle Corporation)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll [2015-07-28] (Crawler Group, LLC)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-04] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\HF\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\fwuohxmc.default\Profiles\fwuohxmc.default [not found]
FF ProfilePath: C:\Users\HF\AppData\Roaming\Mozilla\Firefox\Profiles\fwuohxmc.default [2017-01-10]
FF Session Restore: Mozilla\Firefox\Profiles\fwuohxmc.default -> is enabled.
FF Extension: (Garmin Communicator) - C:\Users\HF\AppData\Roaming\Mozilla\Firefox\Profiles\fwuohxmc.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-12-29]
FF Extension: (Adblock Plus) - C:\Users\HF\AppData\Roaming\Mozilla\Firefox\Profiles\fwuohxmc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF SearchPlugin: C:\Users\HF\AppData\Roaming\Mozilla\Firefox\Profiles\fwuohxmc.default\searchplugins\google-default.xml [2015-01-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-4039880186-1844316042-2073029014-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\HF\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2014-11-26] () [File not signed]
R2 ClickToRunSvc; C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE [3042032 2016-11-01] (Microsoft Corporation)
R2 fewojuji; C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004\kns8F9A.tmp [460800 2017-01-09] () [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [284224 2016-12-20] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-12-30] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-20] (Electronic Arts)
R2 Qotackcoaback; C:\Program Files (x86)\Arorit\drhcnf.dll [178688 2017-01-09] () [File not signed]
R2 SaFiSvc; C:\Program Files\SaFiPlayer\SaFiSvc.dll [324336 2017-01-03] ()
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3267408 2015-12-10] (Crawler Group, LLC)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 Disc Soft Bus Service; "d:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 dtldrvhelp; c:\program files\safiplayer\dtldrvhelp64.sys [58960 2016-12-29] ()
S3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30264 2016-08-21] (Disc Soft Ltd)
S3 dtscsibus; C:\WINDOWS\System32\DRIVERS\dtscsibus.sys [29864 2015-01-28] (Disc Soft Ltd)
S3 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-21] (Disc Soft Ltd)
R1 HWiNFO32; D:\Program Files (x86)\HWiNFO64\HWiNFO64A.SYS [30592 2012-05-10] (REALiX(tm))
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_848dea456d3c865e\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R2 sp_rsdrv2; C:\WINDOWS\System32\DRIVERS\stflt.sys [51496 2014-11-22] (Windows (R) Win 7 DDK provider)
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 WinDivert1.2; C:\WINDOWS\system32\drivers\WinDivert64.sys [37552 2017-01-09] (Basil)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-10 17:45 - 2017-01-10 17:46 - 00018344 _____ C:\Users\HF\Downloads\FRST.txt
2017-01-10 17:45 - 2017-01-10 17:45 - 00000000 ____D C:\FRST
2017-01-10 17:44 - 2017-01-10 17:44 - 02419200 _____ (Farbar) C:\Users\HF\Downloads\FRST64.exe
2017-01-10 17:01 - 2017-01-10 17:02 - 00000000 ____D C:\rsit
2017-01-10 17:01 - 2017-01-10 17:02 - 00000000 ____D C:\Program Files\trend micro
2017-01-10 17:01 - 2017-01-10 17:01 - 01222144 _____ C:\Users\HF\Downloads\RSITx64.exe
2017-01-09 13:42 - 2017-01-09 13:43 - 00000000 ____D C:\Users\HF\AppData\Local\1F0089A0-1483969372-0200-80C2-20CF304CE39F
2017-01-09 13:09 - 2017-01-09 13:10 - 00017346 _____ C:\WINDOWS\ntbtlog.txt
2017-01-09 12:57 - 2017-01-09 12:57 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-09 11:46 - 2017-01-09 12:04 - 00000000 ____D C:\Users\HF\AppData\Roaming\Gireshckcge
2017-01-09 11:46 - 2017-01-09 11:46 - 00000000 ____D C:\Program Files (x86)\Zohtckileied Configuration
2017-01-09 11:46 - 2017-01-09 11:46 - 00000000 ____D C:\Program Files (x86)\Anomusyercit
2017-01-09 10:20 - 2017-01-09 10:20 - 00000000 ____D C:\Program Files\VOXR3SMG36
2017-01-09 10:17 - 2017-01-09 10:17 - 00000000 ____D C:\Users\HF\AppData\Local\Presowardanahotion
2017-01-09 10:11 - 2017-01-09 11:48 - 00000000 ____D C:\Users\HF\AppData\Local\app
2017-01-09 10:11 - 2017-01-09 10:50 - 00000000 ____D C:\Program Files (x86)\mpck
2017-01-09 10:11 - 2017-01-09 10:11 - 00000000 ____D C:\Program Files\XGA2TBQJOS
2017-01-09 10:11 - 2017-01-09 10:11 - 00000000 ____D C:\Program Files\NERH5YV48N
2017-01-09 10:11 - 2017-01-09 10:11 - 00000000 ____D C:\Program Files (x86)\baidu
2017-01-09 10:10 - 2017-01-10 15:50 - 00000000 ____D C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004
2017-01-09 10:10 - 2017-01-09 10:50 - 00000000 ____D C:\Program Files\RunBooster
2017-01-09 10:10 - 2017-01-09 10:10 - 00037552 _____ (Basil) C:\WINDOWS\system32\Drivers\WinDivert64.sys
2017-01-09 10:10 - 2017-01-09 10:10 - 00000334 _____ C:\Users\HF\Desktop\Booking.com.url
2017-01-09 10:10 - 2017-01-09 10:10 - 00000329 _____ C:\Users\HF\Desktop\AliExpress.url
2017-01-09 10:10 - 2017-01-09 10:10 - 00000000 _____ C:\TOSTACK
2017-01-09 10:08 - 2017-01-09 10:49 - 00000000 ____D C:\ProgramData\Microleaves
2017-01-09 10:07 - 2017-01-09 10:13 - 00000000 ____D C:\ProgramData\SaFiPlayer
2017-01-09 10:07 - 2017-01-09 10:07 - 00000954 _____ C:\Users\HF\AppData\Roaming\coreavc.ini
2017-01-09 10:07 - 2017-01-09 10:07 - 00000000 ___HD C:\Users\Public\Device
2017-01-09 10:06 - 2017-01-09 13:02 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-01-09 10:06 - 2017-01-09 11:08 - 00002652 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-01-09 10:06 - 2017-01-09 10:06 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-01-09 10:06 - 2017-01-09 10:06 - 00003474 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-01-09 10:06 - 2017-01-09 10:06 - 00000000 ____D C:\Users\HF\AppData\Local\UCBrowser
2017-01-09 10:06 - 2017-01-09 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaFiPlayer
2017-01-09 10:06 - 2017-01-09 10:06 - 00000000 ____D C:\Program Files\SaFiPlayer
2017-01-09 10:05 - 2017-01-09 10:49 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-01-09 10:05 - 2017-01-09 10:05 - 00001167 _____ C:\Users\HF\Desktop\AutoTime.lnk
2017-01-09 10:05 - 2017-01-09 10:05 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-09 10:05 - 2017-01-09 10:05 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-09 10:04 - 2017-01-09 10:50 - 00000000 ____D C:\Users\HF\AppData\Roaming\Arolertainmekeing
2017-01-09 10:04 - 2017-01-09 10:15 - 00000000 ____D C:\Program Files (x86)\Arorit
2017-01-09 10:04 - 2017-01-09 10:05 - 00000000 ____D C:\Users\HF\AppData\Roaming\Microleaves
2017-01-09 10:04 - 2017-01-09 10:04 - 00000000 ____D C:\Users\HF\AppData\Local\Kerfesydcale
2016-12-31 17:54 - 2016-12-31 17:54 - 00000000 ____D C:\Users\HF\AppData\LocalLow\Artplant
2016-12-31 17:49 - 2016-12-31 17:51 - 00000000 ____D C:\Users\HF\Documents\GrimmDarkLegacy
2016-12-31 17:49 - 2016-12-31 17:49 - 00000000 ____D C:\Users\HF\Documents\SkidRow
2016-12-28 22:27 - 2016-12-28 22:27 - 00000000 ____D C:\Users\HF\AppData\Roaming\Amanita-Design.Samorost3
2016-12-25 18:51 - 2016-12-25 18:51 - 00000000 ____D C:\Users\HF\AppData\LocalLow\Zadbox Entertainment
2016-12-21 20:53 - 2016-12-21 20:53 - 00024574 _____ C:\Users\HF\Desktop\66907082.jpg
2016-12-16 01:43 - 2016-12-16 01:43 - 00013905 _____ C:\Users\HF\Documents\DM Freestate.docx
2016-12-14 21:29 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 21:29 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 21:29 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 21:29 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 21:29 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 21:29 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 21:29 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 21:29 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 21:29 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 21:29 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 21:29 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 21:29 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 21:29 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 21:29 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 21:29 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 21:29 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 21:29 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 21:29 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 21:29 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 21:29 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 21:29 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 21:29 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 21:29 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 21:29 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 21:29 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 21:29 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 21:29 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 21:29 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 21:29 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 21:29 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 21:29 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 21:29 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 21:29 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 21:29 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 21:29 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 21:29 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 21:29 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 21:29 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 21:29 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 21:29 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 21:29 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 21:29 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 21:29 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 21:29 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 21:29 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 21:29 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 21:29 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 21:29 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 21:29 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 21:29 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 21:29 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 21:29 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 21:29 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 21:29 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 21:29 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 21:29 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 21:29 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 21:29 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 21:29 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 21:29 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 21:29 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 21:29 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 21:29 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 21:29 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 21:29 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 21:29 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 21:29 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 21:29 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 21:29 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 21:29 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 21:29 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 21:29 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 21:29 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 21:29 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 21:29 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 21:29 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 21:29 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 21:29 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 21:29 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 21:29 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 21:29 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 21:29 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 21:29 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 21:29 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 21:29 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 21:29 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 21:29 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 21:29 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 21:29 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 21:29 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 21:29 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 21:29 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 21:29 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 21:29 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 21:29 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 21:29 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 21:29 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 21:29 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 21:29 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 21:29 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 21:29 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 21:29 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 21:29 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 21:29 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 21:29 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 21:29 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 21:29 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 21:29 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 21:29 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 21:29 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 21:29 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 21:29 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 21:29 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 21:29 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 21:29 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 21:29 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-13 13:05 - 2016-12-13 13:05 - 00000000 ____D C:\Users\HF\AppData\Local\Chromium

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-10 15:58 - 2015-05-25 19:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-10 15:56 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-10 15:56 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-10 15:54 - 2016-11-18 00:44 - 00000000 ____D C:\Users\HF\AppData\LocalLow\Mozilla
2017-01-09 21:27 - 2014-11-23 21:55 - 00000000 ____D C:\Users\HF\AppData\Roaming\vlc
2017-01-09 20:08 - 2016-08-07 10:01 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-09 15:26 - 2014-11-22 23:25 - 00000000 ____D C:\ProgramData\Spyware Terminator
2017-01-09 15:25 - 2014-11-29 17:53 - 00000000 ____D C:\Users\HF\AppData\Local\NVIDIA Corporation
2017-01-09 15:25 - 2014-11-22 22:59 - 00000000 ____D C:\Users\HF\AppData\Local\NVIDIA
2017-01-09 14:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-09 13:18 - 2015-12-31 00:15 - 00000000 ____D C:\Users\HF\AppData\Local\CrashDumps
2017-01-09 13:17 - 2016-08-07 10:03 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-09 13:17 - 2016-08-07 10:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-09 13:17 - 2016-08-07 10:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-09 13:17 - 2014-11-29 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-09 13:12 - 2016-08-07 10:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-09 13:12 - 2016-08-07 10:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-09 13:07 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-09 12:57 - 2016-06-21 08:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-09 12:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Web
2017-01-09 11:16 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-01-09 10:50 - 2016-07-16 12:49 - 00000000 ____D C:\WINDOWS\Setup
2017-01-09 10:32 - 2016-11-04 17:48 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-08 21:18 - 2016-08-07 10:06 - 00000000 ____D C:\Users\HF
2017-01-08 19:08 - 2015-05-20 01:00 - 00000000 ____D C:\Users\HF\Documents\The Witcher 3
2017-01-06 15:37 - 2016-06-20 23:40 - 00000000 ____D C:\Users\HF\AppData\Local\Packages
2016-12-31 18:35 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2016-12-31 17:54 - 2014-11-22 22:47 - 00000000 ____D C:\Users\HF\AppData\LocalLow
2016-12-31 17:49 - 2014-11-22 22:47 - 00000000 ___RD C:\Users\HF\Documents
2016-12-28 06:31 - 2016-08-07 10:16 - 00003454 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-28 06:31 - 2016-08-07 10:16 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-23 22:04 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-20 22:28 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-20 22:28 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-20 22:27 - 2015-03-28 22:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-12-20 17:43 - 2016-08-07 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-20 17:43 - 2016-08-07 10:05 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-20 17:43 - 2016-07-16 07:04 - 45350912 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-20 11:41 - 2015-05-19 22:05 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2016-12-16 13:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-16 12:48 - 2016-08-07 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-16 01:41 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-15 17:38 - 2016-08-07 10:01 - 00341344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-15 17:38 - 2014-12-12 13:28 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-15 01:09 - 2016-08-07 10:01 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 01:09 - 2016-08-07 10:01 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-15 01:08 - 2016-07-16 12:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-15 01:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-15 01:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-15 01:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-15 01:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-15 01:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-15 01:08 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-15 01:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-15 01:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-14 21:54 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 21:47 - 2014-11-22 22:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 21:43 - 2014-11-22 22:56 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-13 13:34 - 2016-10-02 14:14 - 02904940 _____ C:\Users\HF\Desktop\1s.xlsx
2016-12-13 13:05 - 2015-05-25 19:23 - 00000000 ____D C:\Users\HF\AppData\Local\Steam
2016-12-12 00:56 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 10:34 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF

==================== Files in the root of some directories =======

2017-01-09 10:10 - 2017-01-09 10:10 - 0023622 _____ () C:\Users\HF\AppData\Roaming\aliexpress.ico
2017-01-09 10:10 - 2017-01-09 10:10 - 0099678 _____ () C:\Users\HF\AppData\Roaming\booking.ico
2017-01-09 10:07 - 2017-01-09 10:07 - 0000954 _____ () C:\Users\HF\AppData\Roaming\coreavc.ini
2016-07-30 13:04 - 2016-07-31 00:36 - 0000134 _____ () C:\Users\HF\AppData\Roaming\CSharpAnalytics-MeasurementQueue
2016-07-30 12:18 - 2016-07-31 00:36 - 0000443 _____ () C:\Users\HF\AppData\Roaming\CSharpAnalytics-MeasurementSession
2014-12-10 00:07 - 2014-12-10 00:07 - 0007605 _____ () C:\Users\HF\AppData\Local\Resmon.ResmonCfg
2015-01-02 22:55 - 2015-01-02 22:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-12 07:53 - 2012-08-31 14:08 - 0024772 _____ () C:\ProgramData\P1100DEF.css
2015-02-12 07:53 - 2015-02-12 07:53 - 0004244 _____ () C:\ProgramData\P1100OS.HTM
2015-02-12 07:53 - 2012-08-31 14:08 - 0002944 _____ () C:\ProgramData\P1100SIG.GIF

Some files in TEMP:
====================
C:\Users\HF\AppData\Local\Temp\3516.tmp.exe
C:\Users\HF\AppData\Local\Temp\3760.tmp.exe
C:\Users\HF\AppData\Local\Temp\4544.tmp.exe
C:\Users\HF\AppData\Local\Temp\59A7.tmp.exe
C:\Users\HF\AppData\Local\Temp\622.tmp.exe
C:\Users\HF\AppData\Local\Temp\6C8C.tmp.exe
C:\Users\HF\AppData\Local\Temp\87F9.tmp.exe
C:\Users\HF\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\HF\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\HF\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\HF\AppData\Local\Temp\nvStInst.exe
C:\Users\HF\AppData\Local\Temp\proxy_vole8700737139526909104.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-31 18:35

==================== End of FRST.txt ============================

Re: Firefox is opening unwanted websites for me

Posted: 10 Jan 2017 17:53
by Zanzdm
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by HF (10-01-2017 17:46:46)
Running from C:\Users\HF\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-07 09:21:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4039880186-1844316042-2073029014-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4039880186-1844316042-2073029014-503 - Limited - Disabled)
Guest (S-1-5-21-4039880186-1844316042-2073029014-501 - Limited - Disabled)
HF (S-1-5-21-4039880186-1844316042-2073029014-1000 - Administrator - Enabled) => C:\Users\HF

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 13 ActiveX (HKLM-x32\...\{10B037CE-CDF6-4B7F-85DC-057CBE774FB7}) (Version: 13.0.0.258 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Aktualizácie NVIDIA 2.11.4.1 (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Arcanika (HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Arcanika) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5 (HKLM-x32\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.5.24 - Autodesk, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== ATTENTION
Boid (HKLM\...\Steam App 314010) (Version: - Mokus)
Císařský ostrov 2: Pátrání po nové zemi (HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Císařský ostrov 2: Pátrání po nové zemi) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Císařský ostrov 3: Expanze (HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Císařský ostrov 3: Expanze) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
CleanBrowser (HKLM-x32\...\CleanBrowser) (Version: - ) <==== ATTENTION
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 6.0.0.0445 - Disc Soft Ltd)
Deathtrap (HKLM-x32\...\Deathtrap_is1) (Version: - NeocoreGames)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Elasto Mania (HKLM-x32\...\Elasto Mania) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fahrenheit Indigo Prophecy Remastered (HKLM-x32\...\Fahrenheit Indigo Prophecy Remastered_is1) (Version: - )
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grey Goo (HKLM-x32\...\Grey Goo_is1) (Version: - )
HP Deskjet 4620 series Basic Device Software (HKLM\...\{6D790D6C-EF5F-40AC-A9BF-2ADF638C02AD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 4620 series Help (HKLM-x32\...\{5773FBCB-BA2C-4F3E-9904-48247BF752FC}) (Version: 6.0.0 - Hewlett Packard)
HP Deskjet 4620 series Product Improvement Study (HKLM\...\{8703F965-1B1F-491F-ACCF-2B0626732065}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HWiNFO64 Version 4.02 (HKLM\...\HWiNFO64_is1) (Version: 4.02 - Martin Malík - REALiX)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
INSIDE Demo (HKLM\...\Steam App 530210) (Version: - Playdead)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Legend of Grimrock 2 (HKLM-x32\...\Legend of Grimrock 2) (Version: - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware verzia 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2013 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudentRetail - sk-sk) (Version: 15.0.4885.1001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 sk) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 sk)) (Version: 32.0.3 - Mozilla)
Mozilla Firefox 50.1.0 (x86 sk) (HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Mozilla Firefox 50.1.0 (x86 sk)) (Version: 50.1.0 - Mozilla)
NVIDIA 3D Vision radič ovládača 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Grafický ovládač 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA Ovládač 3D Vision 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 375.70 (Version: 375.70 - NVIDIA Corporation) Hidden
Pneuma Breath of Life (HKLM-x32\...\Pneuma Breath of Life_is1) (Version: - )
Quern - Undying Thoughts (HKLM\...\cXVlcm51bmR5aW5ndGhvdWdodHM_is1) (Version: 1 - )
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version: - Square Enix)
Rise of the Tomb Raider magyarítás (HKLM-x32\...\Rise of the Tomb Raider magyarítás) (Version: 1.0.1.0 - TombRaiderS.hu)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
RunBooster (HKLM\...\RunBooster) (Version: 1.0.3 - SkyNET Corporation) <==== ATTENTION
Samorost 3 (HKLM\...\Steam App 421120) (Version: - Amanita Design)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.0.0.5 - GOG.com)
Sigils of Elohim (HKLM\...\Steam App 321480) (Version: - Croteam)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
The Talos Principle (HKLM\...\Steam App 257510) (Version: - Croteam)
The Treasures of Montezuma 5 (HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\The Treasures of Montezuma 5) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.8.2 - GOG.com)
The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - O víně a krvi (HKLM-x32\...\Blood and Wine_is1) (Version: 1.22.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Srdce z kamene (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witness (HKLM-x32\...\Steam App 210970) (Version: - Thekla, Inc.)
There You Go (HKLM-x32\...\{E6ACA272-5C32-474F-B554-8DC366D6FED2}_is1) (Version: 0.3 - Octogear Games)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.0 - Ghisler Software GmbH)
Trine 3 The Artifacts of Power (HKLM-x32\...\Trine 3 The Artifacts of Power_is1) (Version: - )
UE4 Prerequisites (x64) (HKLM-x32\...\{9514471f-b41e-41f7-af03-7da1d05b279e}) (Version: 1.0.8.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.8.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 23.0 - Ubisoft)
Vampire Setup Tool v2.1.0.2 (CD) (HKLM-x32\...\Vampire Setup Tool_is1) (Version: 2.1.0.2 - LEC s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Watch Dogs (HKLM-x32\...\Watch Dogs_is1) (Version: 1.06.329 - Decepticon)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06736D35-FF82-46B8-AAA8-BBD596C01F47} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {07A773F0-84D9-43D7-9018-8B5C63786BBD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0D304B76-C45E-4A99-895D-F9D90914CEC7} - System32\Tasks\CCleanerSkipUAC => D:\Program Files (x86)\Ccleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {15D5ADA6-9DF7-4B1C-BFC8-24E9EFECADBB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1C93ACF5-5617-43D3-8A34-F85EFBB32E3F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F2E7B48-7D22-4124-B111-BCFA8CBEBC77} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {24761C72-F647-4ABC-B60A-6EAAFC43C31C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {287A7FC3-DC33-4D18-BFC2-7783A986A85F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {32E7B271-B149-4507-81CF-66A1C4FD466C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36E4A44F-AA83-402E-AA9A-43F69697F21E} - System32\Tasks\HPCustParticipation HP Deskjet 4620 series => C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {38B0883A-B890-4767-BAAC-84B314613FE5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {3939D70D-73C7-4027-A7FF-DA2D18EB6F2E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {3C6BECA6-82E6-4635-9E90-0E892C76FE4C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {3D8A0186-694F-4182-8295-87C8C760F48D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {406DD0A8-4734-4A4B-9832-DD8CB0AB77C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {432A35EE-8104-433F-A4A4-56996C3EAF79} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {43E7F056-78ED-4C3C-804D-46D9C2B1737B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {567F1894-0129-4E4D-8D38-E47172B3C8DF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5859EF57-FFCA-4A37-9159-D56EABC6D4D2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {60E29AFC-FB22-47A1-BCB9-D2F89246CEF8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {629D3C01-B168-4B1F-AF9D-5AF1845F9CA9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {66FA7D73-8405-46FA-9902-B98DAC77E43E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6FBC6428-B052-4C13-88D2-C1E7DDFFA875} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {724EE812-2501-44E6-A340-95E28D4F8EDE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {80AD4F2A-EB9E-4DCE-B8A8-55C08FB51C6F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {86610784-72A1-4954-9300-E62295344754} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4039880186-1844316042-2073029014-1000UA => C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-12-07] (Facebook Inc.)
Task: {881F291F-D866-4368-A4E8-3FE736A33FD3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D85D839-1537-4C25-B949-A53EC58EB86F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {8FD88B27-4197-482A-B9DE-652BCE5E8963} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-15] (Adobe Systems Incorporated)
Task: {90E84993-AACF-4F97-81DF-F4B5AE3CA496} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {98013681-F06C-429A-A60B-3FA20A156494} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {987DED66-420F-48C6-BF19-35D036F957A1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4039880186-1844316042-2073029014-1000Core => C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-12-07] (Facebook Inc.)
Task: {9C8113AB-B73A-4576-A646-B1E2C7F3D0DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9E62FCF7-AEE8-4CA6-942C-062B8BD7193C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9F16C6EF-6609-4310-A3DC-185F5B59F8B9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1CCB7E4-3D84-46BF-AEB2-56E28F92227D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A201C7BA-426A-4D9A-AC61-C4501248CB47} - System32\Tasks\{18771E40-0FE4-4711-A157-30BA2B2C17D5} => pcalua.exe -a "D:\Firefox Setup 32.0.3.exe" -d C:\Users\HF\Desktop
Task: {AD3DC121-AE21-4E52-A67A-03EE57E0D72F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AD566290-7CCF-4554-AD75-7A3C4F70FF9E} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {B0B1D70F-75C2-49FC-821F-DC0882A84DC6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B0B51D71-39D1-4FEB-9B5A-63B38490B61D} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {C2092512-7397-4E8D-B710-6461B4485801} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {C726FFC9-2ED4-49CF-9D87-3A00A4CFDD8B} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe <==== ATTENTION
Task: {C8326541-BDAA-4F08-9D02-8FDCFF334A9A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {CCAA96FB-689C-44CF-8EEA-F65BDF25A93F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D8951481-12FD-459B-9184-990F334DAD9D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {DA19B2DF-B2F6-4FA1-81BC-427CEE207C1E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DD45CD38-D16C-450E-BDD2-64D4D5FBEE7D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E3053430-C536-4879-AD93-C83DA7477DCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {E9745C4D-6BC9-4138-976C-CC0D7DEEFF17} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {EAE16547-FBCF-42A9-B654-9686FFE6220D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EB310B81-687B-4880-B466-7EE113BD9683} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA749848-22C7-475E-BCF8-CE0190D7CAD0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4039880186-1844316042-2073029014-1000Core.job => C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4039880186-1844316042-2073029014-1000UA.job => C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-11-23 22:01 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-03-28 22:18 - 2016-05-24 08:51 - 00116416 _____ () C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\ApiClient.dll
2016-03-07 20:02 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-29 03:40 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-11-04 13:15 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-07 20:02 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-11-04 13:15 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-11-04 13:15 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-11-04 13:15 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-01 22:33 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2017-01-09 21:04 - 2017-01-09 21:04 - 00460800 _____ () C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004\kns8F9A.tmp
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 21:29 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-07 10:03 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-14 21:29 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 21:29 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-07 10:27 - 2016-08-07 10:27 - 00959168 _____ () C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-09-15 00:28 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 21:29 - 2016-12-09 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 12:56 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 12:56 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 12:56 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 12:56 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 12:56 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 21:08 - 2016-12-14 21:08 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 21:08 - 2016-12-14 21:08 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 21:08 - 2016-12-14 21:08 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 21:08 - 2016-12-14 21:08 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-09 10:11 - 2017-01-09 10:11 - 00369664 _____ () C:\Program Files\NERH5YV48N\NERH5YV48.exe
2017-01-09 10:11 - 2017-01-09 10:11 - 00369664 _____ () C:\Program Files\XGA2TBQJOS\XGA2TBQJO.exe
2017-01-09 10:20 - 2017-01-09 10:20 - 00369664 _____ () C:\Program Files\VOXR3SMG36\VOXR3SMG3.exe
2016-11-04 13:15 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-11-04 13:15 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-01-09 10:04 - 2017-01-09 10:12 - 00178688 _____ () c:\program files (x86)\arorit\drhcnf.dll
2017-01-09 10:06 - 2017-01-03 03:49 - 00324336 _____ () c:\program files\safiplayer\safisvc.dll
2017-01-09 10:06 - 2016-12-21 02:13 - 00261360 _____ () c:\program files\safiplayer\updater\checkupdate.dll
2017-01-09 10:06 - 2016-10-25 04:33 - 00166128 _____ () c:\program files\safiplayer\substat.dll
2017-01-09 10:06 - 2016-12-20 05:38 - 01778928 _____ () c:\program files\safiplayer\softconfig.dll
2015-03-30 20:22 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-05-25 19:23 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-05-25 19:23 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-05-25 19:23 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2015-05-25 19:22 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-05-25 19:22 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-05-25 19:22 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-05-25 19:22 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-05-25 19:22 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-05-25 19:23 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-05-25 19:23 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-05-25 19:23 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-14 07:42 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-05-19 22:06 - 2016-09-19 10:59 - 53018112 _____ () C:\Program Files (x86)\GalaxyClient\libcef.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00507968 _____ () C:\Program Files (x86)\GalaxyClient\PocoUtil.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 01076800 _____ () C:\Program Files (x86)\GalaxyClient\PocoNet.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 01854528 _____ () C:\Program Files (x86)\GalaxyClient\PocoData.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00393280 _____ () C:\Program Files (x86)\GalaxyClient\PocoDataSQLite.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 01589312 _____ () C:\Program Files (x86)\GalaxyClient\PocoFoundation.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00307776 _____ () C:\Program Files (x86)\GalaxyClient\PocoNetSSL.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00330816 _____ () C:\Program Files (x86)\GalaxyClient\PocoJSON.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00104000 _____ () C:\Program Files (x86)\GalaxyClient\zlib.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00520768 _____ () C:\Program Files (x86)\GalaxyClient\PocoXML.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00272448 _____ () C:\Program Files (x86)\GalaxyClient\PocoZip.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00425536 _____ () C:\Program Files (x86)\GalaxyClient\pcre.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00680000 _____ () C:\Program Files (x86)\GalaxyClient\sqlite.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00157760 _____ () C:\Program Files (x86)\GalaxyClient\PocoCrypto.dll
2015-05-19 22:05 - 2016-12-20 11:40 - 00152128 _____ () C:\Program Files (x86)\GalaxyClient\expat.dll
2016-09-20 17:42 - 2016-09-20 17:42 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-05-19 22:06 - 2016-09-19 10:59 - 01738752 _____ () C:\Program Files (x86)\GalaxyClient\libglesv2.dll
2015-05-19 22:06 - 2016-09-19 10:59 - 00078848 _____ () C:\Program Files (x86)\GalaxyClient\libegl.dll
2016-12-13 13:04 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-05-25 19:23 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-05-25 19:22 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:55F44B88 [99]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-01-09 13:42 - 00003782 ____A C:\WINDOWS\system32\Drivers\etc\hosts

There are 55 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HF\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{A3CCCC52-64C4-461A-85DB-D28ACE0F17CB}] => d:\games\Imperial Island 2 The Search for New Land\F2PHttpDaemon.exe
FirewallRules: [{1040AC2C-DF8A-45FD-9177-993612918BA4}] => d:\games\Arcanika\F2PHttpDaemon.exe
FirewallRules: [{77B8F854-D89E-4854-AEC0-018F166C821C}] => d:\games\Imperial Island 3 Expansion\F2PHttpDaemon.exe
FirewallRules: [{FDC58FA9-CEC2-437C-ACE6-DA6216711CAC}] => d:\games\Imperial Island 3 Expansion\ImperialIsland3.wrp.exe
FirewallRules: [{55A6947F-AA39-4896-80E8-AF90CE3A8ACA}] => d:\games\Imperial Island 3 Expansion\ImperialIsland3.exe
FirewallRules: [{DC10B947-73C6-406B-8EC4-17EBAE625513}] => d:\games\The Treasures of Montezuma 5\F2PHttpDaemon.exe
FirewallRules: [{AB309106-1458-463D-A752-CC38B362D1E8}] => d:\games\The Treasures of Montezuma 5\TheTreasuresOfMontezuma5.exe
FirewallRules: [{CD8E39AA-DACD-41D8-8E2D-0CF73C6D60E6}] => C:\Program Files (x86)\Steam\steamapps\common\Boid\Boid.exe
FirewallRules: [{1C840F8E-2FC4-4F23-A9E0-B67DFCAD1C51}] => C:\Program Files (x86)\Steam\steamapps\common\Boid\Boid.exe
FirewallRules: [{81235BA4-BB06-4672-9C72-561FBF7D331B}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{9A938CC0-545F-4950-8439-995B4E0BE34A}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{9920BEC8-23C3-4B96-80EB-16E2A5749652}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{76824CDF-23AA-4719-990C-29E3BFA7B043}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{232025FA-50B9-4694-AF2C-2686248EB515}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{140D5A6D-7EC3-4AA9-9DE6-636FDAD5BCB0}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{2EA22E97-E107-4318-B554-953EB39F3FAC}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{43F8BE30-43DF-4357-88E7-EE4AF8307EEB}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{B4129D2D-072C-4C6D-A977-7FF254235004}] => d:\games\Hero of the Kingdom 2\F2PHttpDaemon.exe
FirewallRules: [{3824CF97-CF5A-4717-A35D-A40305AF3CF0}] => d:\games\Hero of the Kingdom\F2PHttpDaemon.exe
FirewallRules: [{2D95F73B-B705-48E9-B26D-D01A87B6826B}] => d:\games\Rooms The Unsolvable Puzzle\F2PHttpDaemon.exe
FirewallRules: [{0ACA7B47-DBFC-4621-9D6F-690997EA6BD4}] => d:\games\Fables of the Kingdom\F2PHttpDaemon.exe
FirewallRules: [{C7701DCC-1944-4599-99EE-32419C6E9198}] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{EFECEBAA-49C0-4011-B5DD-45602D658529}] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{1583AE19-87A7-4561-98B8-F50F147E206D}] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{53EB5B99-449E-4B44-B172-B6F810EA656D}] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{BB8F1B68-585D-4E01-A7F3-75C1CB2BCA25}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E7584D5B-C3A0-4553-9EA1-07F85BD6AEFB}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{66F8F096-8165-43EE-B6CE-51BA7180C417}] => C:\Users\HF\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{A061188B-7A6F-41D1-844B-FC0619BF6506}] => D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{47DE17CC-3B09-4DF3-914E-83421B83E19B}] => D:\Games\Battle.net\Battle.net.exe
FirewallRules: [{0BE291D3-36EF-44DC-BB31-2B0AA2E55739}] => D:\Games\Battle.net\Battle.net.exe
FirewallRules: [{050E508A-47A1-4837-8D19-3C36A8CD89A8}] => D:\Games\Diablo III\Diablo III.exe
FirewallRules: [{690A8A39-F405-470E-B7ED-9807FD8C65C1}] => D:\Games\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{A72173D9-1FD8-4F71-BE6F-A06E2E64C145}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [UDP Query User{7424E903-FD4E-4382-9A31-24EA144095A9}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [{A4D1C175-4C86-4FCA-B220-F687CEEFE0EE}] => C:\Program Files\HP\HP Deskjet 4620 series\bin\FaxApplications.exe
FirewallRules: [{374C9B75-9686-40FC-967D-4B3B59ABD8A3}] => C:\Program Files\HP\HP Deskjet 4620 series\bin\DigitalWizards.exe
FirewallRules: [{85F46697-00C7-45F8-B98C-D1BDE937D2DE}] => C:\Program Files\HP\HP Deskjet 4620 series\bin\SendAFax.exe
FirewallRules: [{48CF650C-8A6E-4F9A-B1EA-46D1BEDB5A7C}] => C:\Program Files\HP\HP Deskjet 4620 series\Bin\DeviceSetup.exe
FirewallRules: [{F579BEBF-526A-48A3-90A9-EFBEC4F5A070}] => C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{84135734-8298-47B6-A332-2EED2B9B6D17}] => C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{ECD4261C-00F3-4E8E-B72D-77CA31239B7B}D:\program files (x86)\mozilla firefox\firefox.exe] => D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{242A9A2E-C8F3-432A-A86C-3413DDA3B1BB}D:\program files (x86)\mozilla firefox\firefox.exe] => D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3E8496EE-E9C1-4378-A92A-164EF985EE3C}D:\program files (x86)\mozilla firefox\firefox.exe] => D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0508203D-61FF-421E-842D-7BF54724115F}D:\program files (x86)\mozilla firefox\firefox.exe] => D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{69ED5FC0-2D58-43FC-9753-38169049FD61}D:\games\grey goo2\goog.exe] => D:\games\grey goo2\goog.exe
FirewallRules: [UDP Query User{E3CF19B0-4278-481C-AB00-770A014E58CB}D:\games\grey goo2\goog.exe] => D:\games\grey goo2\goog.exe
FirewallRules: [TCP Query User{A0B49DAC-611C-4BED-B777-DD01C2F47B23}D:\games\grey goo2\instanceserverg.exe] => D:\games\grey goo2\instanceserverg.exe
FirewallRules: [UDP Query User{71EBCA1F-900A-421C-A9F8-B3D54E39545A}D:\games\grey goo2\instanceserverg.exe] => D:\games\grey goo2\instanceserverg.exe
FirewallRules: [{E06ADFF9-828F-48FF-B2CE-4E562EDF1D40}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9B001EBE-64E1-4457-8E15-70226D389DE7}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{393966E8-61DA-4F62-8807-1A2F78B4A73E}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3286FB9F-E05A-40F9-BB3E-4E845A3F2D1D}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{321E0F7A-C783-4C8E-A756-8114F9117230}D:\games\grand theft auto v\gta5.exe] => D:\games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5B381A68-58A5-4A2D-A975-835BECBA0867}D:\games\grand theft auto v\gta5.exe] => D:\games\grand theft auto v\gta5.exe
FirewallRules: [{3809497D-9FB0-4709-AE88-8B8CB56BD6D9}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3A77466A-959F-41A0-BE36-26068290C065}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3FA72A56-EC7A-4A6A-BED7-61F865669E13}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2F1702E5-7801-473D-A5D3-D2599379EB8C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ACB068FE-2375-4676-BA18-CD8BA38AE29E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A3BAE0FA-A21C-44F9-9E68-6552E649B670}] => C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{9E9594B2-377C-430D-9BFF-203E9AF3280D}] => C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{A18DB4B6-820B-4BE2-880A-A852CAA249C8}] => D:\Games\Witness\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{FFD83B95-9276-409E-B251-7307F003D672}] => D:\Games\Witness\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{9F4C87AD-81AD-4B52-A1D1-520FD87C1890}] => D:\Games\Witness\steamapps\common\Sigils of Elohim\Sigils.exe
FirewallRules: [{F83387AF-39E3-4B3E-90CF-3CC7B101BB20}] => D:\Games\Witness\steamapps\common\Sigils of Elohim\Sigils.exe
FirewallRules: [{ABF26293-3755-410F-AED3-028B84CAC5FD}] => D:\Games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{F8E6BA3B-5069-4F1A-BE83-398D6301A718}] => D:\Games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [TCP Query User{8EF70579-ABE7-4F7B-BE2F-12B505F6FD84}D:\games\grey goo2\instanceserverg.exe] => D:\games\grey goo2\instanceserverg.exe
FirewallRules: [UDP Query User{9D5BB297-F749-4485-9378-672EDCA38BCE}D:\games\grey goo2\instanceserverg.exe] => D:\games\grey goo2\instanceserverg.exe
FirewallRules: [TCP Query User{9FF636C5-8EDA-4964-B949-84600134A563}D:\games\grey goo2\goog.exe] => D:\games\grey goo2\goog.exe
FirewallRules: [UDP Query User{E66034E4-6EA8-4E3A-9E77-B7516F372F80}D:\games\grey goo2\goog.exe] => D:\games\grey goo2\goog.exe
FirewallRules: [{43A83DE8-C5A9-402E-8BFF-09B4CCD79289}] => C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{7AE411E6-49DD-4789-AA92-BA22BB6FE6A7}] => C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{2508444E-AB63-4ABB-96E3-A57EECF75E5E}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D10EB411-BBB1-4601-9233-988C8C316E50}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{61B65D66-DA0C-4041-AA80-CDE565C18F51}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{0D2F5EA8-80B4-4133-BAB7-2A0D42C6C849}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{D2410BC8-9C72-4CF1-A3C2-11E48A9F52A8}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{C15F86E3-5E89-42C9-ADF1-F33EF1F7546E}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{359081A5-197C-4895-BD3F-C8537525F0BE}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{6FAE664E-8857-4766-AF8F-0D0B9D555D69}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{3741A21D-D279-4A40-8C5F-D6FE324A6E38}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{8CFF223C-A8FA-4BC7-B435-211BEF6F3617}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{E965B364-4EDE-4779-B80C-FDF2FD36887E}] => C:\Program Files (x86)\Steam\steamapps\common\Samorost 3\Samorost3.exe
FirewallRules: [{BEF8BD3D-CD09-4B3B-81F2-2C1704FC1B46}] => C:\Program Files (x86)\Steam\steamapps\common\Samorost 3\Samorost3.exe
FirewallRules: [{241CC4B7-1C64-4EBE-BF2F-3975DEFC61EF}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{11E3A738-4EBA-47F5-AF67-8C2D280A676C}] => C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{B8FB622D-1D1B-4F0F-B2E0-CDE144159E4F}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [TCP Query User{688F0FF4-3E9C-45A7-A468-477DA861A70B}C:\program files\safiplayer\safiterminal.exe] => C:\program files\safiplayer\safiterminal.exe
FirewallRules: [UDP Query User{AE70EEC6-164F-40A0-A228-14636A5938C7}C:\program files\safiplayer\safiterminal.exe] => C:\program files\safiplayer\safiterminal.exe
FirewallRules: [TCP Query User{2B6683B2-39D6-477C-8060-B07AE9F2DB8C}C:\program files\safiplayer\safiplayer.exe] => C:\program files\safiplayer\safiplayer.exe
FirewallRules: [UDP Query User{15EED2C4-B64D-47AD-B846-6AEC90143C40}C:\program files\safiplayer\safiplayer.exe] => C:\program files\safiplayer\safiplayer.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2017 03:57:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/10/2017 03:53:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: NvStreamUserAgent.exe, verzia: 7.1.2084.9592, časová značka: 0x57605c64
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.14393.479, časová značka: 0x5825887f
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000000000030bdd
Identifikácia chybujúceho procesu: 0x1404
Čas spustenia chybujúcej aplikácie: 0x01d26b514b24beac
Cesta chybujúcej aplikácie: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: f0052e99-dd29-4032-b633-64d636a49556
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/09/2017 07:29:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: NvStreamUserAgent.exe, verzia: 7.1.2084.9592, časová značka: 0x57605c64
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.14393.479, časová značka: 0x5825887f
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000000000030bdd
Identifikácia chybujúceho procesu: 0x21cc
Čas spustenia chybujúcej aplikácie: 0x01d26aa64e5d72cb
Cesta chybujúcej aplikácie: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 0c13eff8-517e-4bf3-8ebd-1499700e04ba
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/09/2017 01:18:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: setup.exe_unknown, verzia: 0.0.0.0, časová značka: 0x58352bc7
Názov chybujúceho modulu: NVI2.DLL, verzia: 2.1002.235.2016, časová značka: 0x58352cf4
Kód výnimky: 0x40000015
Odstup chyby: 0x00280596
Identifikácia chybujúceho procesu: 0x6d8
Čas spustenia chybujúcej aplikácie: 0x01d26a71f79ae864
Cesta chybujúcej aplikácie: C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe
Cesta chybujúceho modulu: C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{244EEA05-607A-47B3-8841-9E0AA5EEF7AA}\NVI2.DLL
Identifikácia hlásenia: 0320f1a2-fbd2-4342-b91a-3f647696214a
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/09/2017 01:14:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/09/2017 01:14:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/09/2017 01:14:02 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/09/2017 01:13:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: NvStreamUserAgent.exe, verzia: 7.1.2084.9592, časová značka: 0x57605c64
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.14393.479, časová značka: 0x5825887f
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000000000030bdd
Identifikácia chybujúceho procesu: 0x10b8
Čas spustenia chybujúcej aplikácie: 0x01d26a71b9b12bf9
Cesta chybujúcej aplikácie: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: e81727c1-53ed-4cf4-a3fa-4e59048fc0e2
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/09/2017 01:02:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/09/2017 01:02:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/10/2017 03:52:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/09/2017 07:29:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/09/2017 07:28:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/09/2017 03:25:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/09/2017 01:13:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/09/2017 01:12:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby NetTcpPortSharing, od ktorej závisí služba NetTcpActivator, zlyhalo kvôli nasledujúcej chybe:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/09/2017 01:10:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby NetTcpPortSharing, od ktorej závisí služba NetTcpActivator, zlyhalo kvôli nasledujúcej chybe:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/09/2017 01:07:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby NetTcpPortSharing, od ktorej závisí služba NetTcpActivator, zlyhalo kvôli nasledujúcej chybe:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/09/2017 01:07:07 PM) (Source: DCOM) (EventID: 10005) (User: HF-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/09/2017 01:07:05 PM) (Source: DCOM) (EventID: 10005) (User: HF-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


CodeIntegrity:
===================================
Date: 2016-12-16 00:04:50.855
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:50.825
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:50.796
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:50.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:50.730
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:50.721
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:49.573
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:49.430
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:01:46.333
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:01:46.275
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 8190.05 MB
Available physical RAM: 5271.7 MB
Total Virtual: 16382.05 MB
Available Virtual: 12929.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.22 GB) (Free:46.18 GB) NTFS
Drive d: () (Fixed) (Total:833.76 GB) (Free:53.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A7535621)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=833.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Firefox keeps opening unwanted web pages

Posted: 10 Jan 2017 17:58
by altrok
:arrow: You have the restore point feature turned off - I strongly recommend turning it on.
  • Right-click This PC -> Properties -> Advanced system settings -> the System Protection tab at the top -> select the system drive (usually C: ) -> Configure -> choose Restore system settings and previous versions of files and save by clicking Apply.
  • If you want to adjust the amount of disk space used by restore points, I do not recommend lowering this limit below 1 GB. If you have plenty of disk space, leave the default 3-5% disk usage.


:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
  • click Scan (Skenovani), then Clean (Cisteni)
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply

Re: Firefox keeps opening unwanted web pages

Posted: 10 Jan 2017 18:10
by Zanzdm
# AdwCleaner v6.042 - *Logfile created 10/01/2017 *at 18:06:42
# *Updated on 06/01/2017 by Malwarebytes
# *Database : 2017-01-10.1 [*Server]
# *Operating System : Windows 10 Home (X64)
# *Username : HF - HF-PC
# *Running from : C:\Users\HF\Downloads\adwcleaner_6.042.exe
# *Mode: Clean
# *Support : https://www.malwarebytes.com/support



***** [ *Services ] *****

[-] *Service deleted: sp_rsdrv2
[-] *Service deleted: SaFiSvc
[-] *Service deleted: dtldrvhelp


***** [ *Folders ] *****

[-] *Folder deleted: C:\Users\HF\AppData\Local\1F0089A0-1483969372-0200-80C2-20CF304CE39F
[-] *Folder deleted: C:\Users\HF\AppData\Roaming\quickclick
[-] *Folder deleted: C:\Users\HF\AppData\Roaming\Microleaves
[-] *Folder deleted: C:\Program Files\RunBooster
[-] *Folder deleted: C:\Program Files\SaFiPlayer
[-] *Folder deleted: C:\ProgramData\Microleaves
[-] *Folder deleted: C:\ProgramData\SaFiPlayer
[-] *Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaFiPlayer
[-] *Folder deleted: C:\Program Files (x86)\mpck
[-] *Folder deleted: C:\Program Files (x86)\Microleaves
[-] *Folder deleted: C:\Users\HF\AppData\Local\app
[-] *Folder deleted: C:\Users\HF\AppData\Roaming\Mozilla\Firefox\naweriweentcofise


***** [ *Files ] *****

[-] *File deleted: C:\Users\HF\Desktop\Aliexpress.URL
[-] *File deleted: C:\Users\HF\Desktop\AutoTime.lnk
[-] *File deleted: C:\WINDOWS\run.vbs


***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****

[-] *Task deleted: UCBrowserUpdaterCore


***** [ *Registry ] *****

[-] *Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] *Key deleted: HKU\.DEFAULT\Software\UCBrowser
[-] *Key deleted: HKU\.DEFAULT\Software\b`nl{y
[-] *Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\Installer
[-] *Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\MICROSOFT\OTUT
[-] *Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\UCBrowserPID
[-] *Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\AutoTime
[-] *Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\SaFiPlayer
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\UCBrowser
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\b`nl{y
[#] *Key deleted on reboot: HKCU\Software\Installer
[#] *Key deleted on reboot: HKCU\Software\MICROSOFT\OTUT
[#] *Key deleted on reboot: HKCU\Software\UCBrowserPID
[#] *Key deleted on reboot: HKCU\Software\AutoTime
[#] *Key deleted on reboot: HKCU\Software\SaFiPlayer
[-] *Key deleted: HKLM\SOFTWARE\UCBrowserPID
[-] *Key deleted: HKLM\SOFTWARE\b`nl{y
[-] *Key deleted: HKLM\SOFTWARE\Microleaves
[-] *Key deleted: HKLM\SOFTWARE\SaFiPlayer
[-] *Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PopupProduct
[-] *Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CleanBrowser
[#] *Key deleted on reboot: [x64] HKCU\Software\Installer
[#] *Key deleted on reboot: [x64] HKCU\Software\MICROSOFT\OTUT
[#] *Key deleted on reboot: [x64] HKCU\Software\UCBrowserPID
[#] *Key deleted on reboot: [x64] HKCU\Software\AutoTime
[#] *Key deleted on reboot: [x64] HKCU\Software\SaFiPlayer
[-] *Key deleted: [x64] HKLM\SOFTWARE\UCBrowser
[-] *Key deleted: [x64] HKLM\SOFTWARE\b`nl{y
[-] *Key deleted: [x64] HKLM\SOFTWARE\RunBooster
[-] *Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] *Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RunBooster


***** [ *Browsers ] *****



*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3847 *Bytes] - [10/01/2017 18:06:42]
C:\AdwCleaner\AdwCleaner[R0].txt - [5994 *Bytes] - [21/01/2015 22:06:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [6462 *Bytes] - [21/01/2015 22:08:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [3854 *Bytes] - [10/01/2017 18:05:57]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4143 *Bytes] ##########

Re: Firefox keeps opening unwanted web pages

Posted: 10 Jan 2017 18:37
by altrok
:arrow: Uninstall the old and vulnerable version of Java. If you need Java, install the new one from java.com/verify - watch out for adware during installation. Then make sure the older versions are uninstalled. From a security standpoint (vulnerabilities and exploits) it is better not to have it. The current version is 8U111. Java versions you have installed on the PC:

  • Java 8 Update 101

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will be saved on the desktop; paste its contents into your next reply

    Start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [Facebook Update] => C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-12-07] (Facebook Inc.)
    HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [J9J4WH4S6Y] => C:\Program Files\NERH5YV48N\NERH5YV48.exe [369664 2017-01-09] ()
    HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [DN0BOLUB1H] => C:\Program Files\XGA2TBQJOS\XGA2TBQJO.exe [369664 2017-01-09] ()
    HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [RB26CLMKZL] => C:\Program Files\VOXR3SMG36\VOXR3SMG3.exe [369664 2017-01-09] ()
    HKU\S-1-5-18\...\Run: [] => 0
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    R2 fewojuji; C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004\kns8F9A.tmp [460800 2017-01-09] () [File not signed]
    S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-12-30] () [File not signed]
    R2 Qotackcoaback; C:\Program Files (x86)\Arorit\drhcnf.dll [178688 2017-01-09] () [File not signed]
    R2 SaFiSvc; C:\Program Files\SaFiPlayer\SaFiSvc.dll [324336 2017-01-03] ()
    S3 Disc Soft Bus Service; "d:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe" [X]
    File: C:\WINDOWS\system32\drivers\WinDivert64.sys
    U3 idsvc; no ImagePath
    
    2017-01-10 17:01 - 2017-01-10 17:02 - 00000000 ____D C:\rsit
    2017-01-10 17:01 - 2017-01-10 17:02 - 00000000 ____D C:\Program Files\trend micro
    2017-01-10 17:01 - 2017-01-10 17:01 - 01222144 _____ C:\Users\HF\Downloads\RSITx64.exe
    Folder: C:\Users\HF\AppData\Local\1F0089A0-1483969372-0200-80C2-20CF304CE39F
    2017-01-09 11:46 - 2017-01-09 12:04 - 00000000 ____D C:\Users\HF\AppData\Roaming\Gireshckcge
    2017-01-09 11:46 - 2017-01-09 11:46 - 00000000 ____D C:\Program Files (x86)\Zohtckileied Configuration
    2017-01-09 11:46 - 2017-01-09 11:46 - 00000000 ____D C:\Program Files (x86)\Anomusyercit
    2017-01-09 10:20 - 2017-01-09 10:20 - 00000000 ____D C:\Program Files\VOXR3SMG36
    2017-01-09 10:17 - 2017-01-09 10:17 - 00000000 ____D C:\Users\HF\AppData\Local\Presowardanahotion
    2017-01-09 10:11 - 2017-01-09 11:48 - 00000000 ____D C:\Users\HF\AppData\Local\app
    2017-01-09 10:11 - 2017-01-09 10:50 - 00000000 ____D C:\Program Files (x86)\mpck
    2017-01-09 10:11 - 2017-01-09 10:11 - 00000000 ____D C:\Program Files\XGA2TBQJOS
    2017-01-09 10:11 - 2017-01-09 10:11 - 00000000 ____D C:\Program Files\NERH5YV48N
    2017-01-09 10:11 - 2017-01-09 10:11 - 00000000 ____D C:\Program Files (x86)\baidu
    2017-01-09 10:10 - 2017-01-10 15:50 - 00000000 ____D C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004
    2017-01-09 10:10 - 2017-01-09 10:50 - 00000000 ____D C:\Program Files\RunBooster
    2017-01-09 10:10 - 2017-01-09 10:10 - 00037552 _____ (Basil) C:\WINDOWS\system32\Drivers\WinDivert64.sys
    2017-01-09 10:10 - 2017-01-09 10:10 - 00000334 _____ C:\Users\HF\Desktop\Booking.com.url
    2017-01-09 10:10 - 2017-01-09 10:10 - 00000329 _____ C:\Users\HF\Desktop\AliExpress.url
    2017-01-09 10:10 - 2017-01-09 10:10 - 00000000 _____ C:\TOSTACK
    2017-01-09 10:08 - 2017-01-09 10:49 - 00000000 ____D C:\ProgramData\Microleaves
    2017-01-09 10:07 - 2017-01-09 10:13 - 00000000 ____D C:\ProgramData\SaFiPlayer
    2017-01-09 10:07 - 2017-01-09 10:07 - 00000954 _____ C:\Users\HF\AppData\Roaming\coreavc.ini
    2017-01-09 10:07 - 2017-01-09 10:07 - 00000000 ___HD C:\Users\Public\Device
    2017-01-09 10:06 - 2017-01-09 13:02 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-01-09 10:06 - 2017-01-09 11:08 - 00002652 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
    2017-01-09 10:06 - 2017-01-09 10:06 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
    2017-01-09 10:06 - 2017-01-09 10:06 - 00003474 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
    2017-01-09 10:06 - 2017-01-09 10:06 - 00000000 ____D C:\Users\HF\AppData\Local\UCBrowser
    2017-01-09 10:06 - 2017-01-09 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaFiPlayer
    2017-01-09 10:06 - 2017-01-09 10:06 - 00000000 ____D C:\Program Files\SaFiPlayer
    2017-01-09 10:05 - 2017-01-09 10:49 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-01-09 10:05 - 2017-01-09 10:05 - 00001167 _____ C:\Users\HF\Desktop\AutoTime.lnk
    2017-01-09 10:05 - 2017-01-09 10:05 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-01-09 10:05 - 2017-01-09 10:05 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-01-09 10:04 - 2017-01-09 10:50 - 00000000 ____D C:\Users\HF\AppData\Roaming\Arolertainmekeing
    2017-01-09 10:04 - 2017-01-09 10:15 - 00000000 ____D C:\Program Files (x86)\Arorit
    2017-01-09 10:04 - 2017-01-09 10:05 - 00000000 ____D C:\Users\HF\AppData\Roaming\Microleaves
    2017-01-09 10:04 - 2017-01-09 10:04 - 00000000 ____D C:\Users\HF\AppData\Local\Kerfesydcale
    Folder: C:\WINDOWS\Downloaded Program Files
    Folder: C:\WINDOWS\Setup
    2017-01-09 10:10 - 2017-01-09 10:10 - 0023622 _____ () C:\Users\HF\AppData\Roaming\aliexpress.ico
    2017-01-09 10:10 - 2017-01-09 10:10 - 0099678 _____ () C:\Users\HF\AppData\Roaming\booking.ico
    2017-01-09 10:07 - 2017-01-09 10:07 - 0000954 _____ () C:\Users\HF\AppData\Roaming\coreavc.ini
    Task: {06736D35-FF82-46B8-AAA8-BBD596C01F47} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {15D5ADA6-9DF7-4B1C-BFC8-24E9EFECADBB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {38B0883A-B890-4767-BAAC-84B314613FE5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {3C6BECA6-82E6-4635-9E90-0E892C76FE4C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {432A35EE-8104-433F-A4A4-56996C3EAF79} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    File: C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {5859EF57-FFCA-4A37-9159-D56EABC6D4D2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {6FBC6428-B052-4C13-88D2-C1E7DDFFA875} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {724EE812-2501-44E6-A340-95E28D4F8EDE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {80AD4F2A-EB9E-4DCE-B8A8-55C08FB51C6F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {881F291F-D866-4368-A4E8-3FE736A33FD3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {9C8113AB-B73A-4576-A646-B1E2C7F3D0DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {9E62FCF7-AEE8-4CA6-942C-062B8BD7193C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {AD3DC121-AE21-4E52-A67A-03EE57E0D72F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {AD566290-7CCF-4554-AD75-7A3C4F70FF9E} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    Task: {B0B1D70F-75C2-49FC-821F-DC0882A84DC6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B0B51D71-39D1-4FEB-9B5A-63B38490B61D} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {C726FFC9-2ED4-49CF-9D87-3A00A4CFDD8B} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe <==== ATTENTION
    Task: {CCAA96FB-689C-44CF-8EEA-F65BDF25A93F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {EAE16547-FBCF-42A9-B654-9686FFE6220D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:55F44B88 [99]
    FirewallRules: [{241CC4B7-1C64-4EBE-BF2F-3975DEFC61EF}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
    FirewallRules: [{11E3A738-4EBA-47F5-AF67-8C2D280A676C}] => C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
    FirewallRules: [{B8FB622D-1D1B-4F0F-B2E0-CDE144159E4F}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
    FirewallRules: [TCP Query User{688F0FF4-3E9C-45A7-A468-477DA861A70B}C:\program files\safiplayer\safiterminal.exe] => C:\program files\safiplayer\safiterminal.exe
    FirewallRules: [UDP Query User{AE70EEC6-164F-40A0-A228-14636A5938C7}C:\program files\safiplayer\safiterminal.exe] => C:\program files\safiplayer\safiterminal.exe
    FirewallRules: [TCP Query User{2B6683B2-39D6-477C-8060-B07AE9F2DB8C}C:\program files\safiplayer\safiplayer.exe] => C:\program files\safiplayer\safiplayer.exe
    FirewallRules: [UDP Query User{15EED2C4-B64D-47AD-B846-6AEC90143C40}C:\program files\safiplayer\safiplayer.exe] => C:\program files\safiplayer\safiplayer.exe
    Hosts:
    EmptyTemp:
    End

Re: Firefox keeps opening unwanted web pages

Posted: 10 Jan 2017 18:59
by Zanzdm
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by HF (10-01-2017 18:53:17) Run:1
Running from C:\Users\HF\Desktop
Loaded Profiles: HF (Available Profiles: HF & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [Facebook Update] => C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-12-07] (Facebook Inc.)
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [J9J4WH4S6Y] => C:\Program Files\NERH5YV48N\NERH5YV48.exe [369664 2017-01-09] ()
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [DN0BOLUB1H] => C:\Program Files\XGA2TBQJOS\XGA2TBQJO.exe [369664 2017-01-09] ()
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [RB26CLMKZL] => C:\Program Files\VOXR3SMG36\VOXR3SMG3.exe [369664 2017-01-09] ()
HKU\S-1-5-18\...\Run: [] => 0
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 fewojuji; C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004\kns8F9A.tmp [460800 2017-01-09] () [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-12-30] () [File not signed]
R2 Qotackcoaback; C:\Program Files (x86)\Arorit\drhcnf.dll [178688 2017-01-09] () [File not signed]
R2 SaFiSvc; C:\Program Files\SaFiPlayer\SaFiSvc.dll [324336 2017-01-03] ()
S3 Disc Soft Bus Service; "d:\Program Files (x86)\DAEMON Tools Pro\DiscSoftBusService.exe" [X]
File: C:\WINDOWS\system32\drivers\WinDivert64.sys
U3 idsvc; no ImagePath

2017-01-10 17:01 - 2017-01-10 17:02 - 00000000 ____D C:\rsit
2017-01-10 17:01 - 2017-01-10 17:02 - 00000000 ____D C:\Program Files\trend micro
2017-01-10 17:01 - 2017-01-10 17:01 - 01222144 _____ C:\Users\HF\Downloads\RSITx64.exe
Folder: C:\Users\HF\AppData\Local\1F0089A0-1483969372-0200-80C2-20CF304CE39F
2017-01-09 11:46 - 2017-01-09 12:04 - 00000000 ____D C:\Users\HF\AppData\Roaming\Gireshckcge
2017-01-09 11:46 - 2017-01-09 11:46 - 00000000 ____D C:\Program Files (x86)\Zohtckileied Configuration
2017-01-09 11:46 - 2017-01-09 11:46 - 00000000 ____D C:\Program Files (x86)\Anomusyercit
2017-01-09 10:20 - 2017-01-09 10:20 - 00000000 ____D C:\Program Files\VOXR3SMG36
2017-01-09 10:17 - 2017-01-09 10:17 - 00000000 ____D C:\Users\HF\AppData\Local\Presowardanahotion
2017-01-09 10:11 - 2017-01-09 11:48 - 00000000 ____D C:\Users\HF\AppData\Local\app
2017-01-09 10:11 - 2017-01-09 10:50 - 00000000 ____D C:\Program Files (x86)\mpck
2017-01-09 10:11 - 2017-01-09 10:11 - 00000000 ____D C:\Program Files\XGA2TBQJOS
2017-01-09 10:11 - 2017-01-09 10:11 - 00000000 ____D C:\Program Files\NERH5YV48N
2017-01-09 10:11 - 2017-01-09 10:11 - 00000000 ____D C:\Program Files (x86)\baidu
2017-01-09 10:10 - 2017-01-10 15:50 - 00000000 ____D C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004
2017-01-09 10:10 - 2017-01-09 10:50 - 00000000 ____D C:\Program Files\RunBooster
2017-01-09 10:10 - 2017-01-09 10:10 - 00037552 _____ (Basil) C:\WINDOWS\system32\Drivers\WinDivert64.sys
2017-01-09 10:10 - 2017-01-09 10:10 - 00000334 _____ C:\Users\HF\Desktop\Booking.com.url
2017-01-09 10:10 - 2017-01-09 10:10 - 00000329 _____ C:\Users\HF\Desktop\AliExpress.url
2017-01-09 10:10 - 2017-01-09 10:10 - 00000000 _____ C:\TOSTACK
2017-01-09 10:08 - 2017-01-09 10:49 - 00000000 ____D C:\ProgramData\Microleaves
2017-01-09 10:07 - 2017-01-09 10:13 - 00000000 ____D C:\ProgramData\SaFiPlayer
2017-01-09 10:07 - 2017-01-09 10:07 - 00000954 _____ C:\Users\HF\AppData\Roaming\coreavc.ini
2017-01-09 10:07 - 2017-01-09 10:07 - 00000000 ___HD C:\Users\Public\Device
2017-01-09 10:06 - 2017-01-09 13:02 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-01-09 10:06 - 2017-01-09 11:08 - 00002652 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-01-09 10:06 - 2017-01-09 10:06 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-01-09 10:06 - 2017-01-09 10:06 - 00003474 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-01-09 10:06 - 2017-01-09 10:06 - 00000000 ____D C:\Users\HF\AppData\Local\UCBrowser
2017-01-09 10:06 - 2017-01-09 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaFiPlayer
2017-01-09 10:06 - 2017-01-09 10:06 - 00000000 ____D C:\Program Files\SaFiPlayer
2017-01-09 10:05 - 2017-01-09 10:49 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-01-09 10:05 - 2017-01-09 10:05 - 00001167 _____ C:\Users\HF\Desktop\AutoTime.lnk
2017-01-09 10:05 - 2017-01-09 10:05 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-09 10:05 - 2017-01-09 10:05 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-09 10:04 - 2017-01-09 10:50 - 00000000 ____D C:\Users\HF\AppData\Roaming\Arolertainmekeing
2017-01-09 10:04 - 2017-01-09 10:15 - 00000000 ____D C:\Program Files (x86)\Arorit
2017-01-09 10:04 - 2017-01-09 10:05 - 00000000 ____D C:\Users\HF\AppData\Roaming\Microleaves
2017-01-09 10:04 - 2017-01-09 10:04 - 00000000 ____D C:\Users\HF\AppData\Local\Kerfesydcale
Folder: C:\WINDOWS\Downloaded Program Files
Folder: C:\WINDOWS\Setup
2017-01-09 10:10 - 2017-01-09 10:10 - 0023622 _____ () C:\Users\HF\AppData\Roaming\aliexpress.ico
2017-01-09 10:10 - 2017-01-09 10:10 - 0099678 _____ () C:\Users\HF\AppData\Roaming\booking.ico
2017-01-09 10:07 - 2017-01-09 10:07 - 0000954 _____ () C:\Users\HF\AppData\Roaming\coreavc.ini
Task: {06736D35-FF82-46B8-AAA8-BBD596C01F47} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {15D5ADA6-9DF7-4B1C-BFC8-24E9EFECADBB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {38B0883A-B890-4767-BAAC-84B314613FE5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {3C6BECA6-82E6-4635-9E90-0E892C76FE4C} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {432A35EE-8104-433F-A4A4-56996C3EAF79} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
File: C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {5859EF57-FFCA-4A37-9159-D56EABC6D4D2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6FBC6428-B052-4C13-88D2-C1E7DDFFA875} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {724EE812-2501-44E6-A340-95E28D4F8EDE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {80AD4F2A-EB9E-4DCE-B8A8-55C08FB51C6F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {881F291F-D866-4368-A4E8-3FE736A33FD3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9C8113AB-B73A-4576-A646-B1E2C7F3D0DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9E62FCF7-AEE8-4CA6-942C-062B8BD7193C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AD3DC121-AE21-4E52-A67A-03EE57E0D72F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {AD566290-7CCF-4554-AD75-7A3C4F70FF9E} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {B0B1D70F-75C2-49FC-821F-DC0882A84DC6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B0B51D71-39D1-4FEB-9B5A-63B38490B61D} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {C726FFC9-2ED4-49CF-9D87-3A00A4CFDD8B} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe <==== ATTENTION
Task: {CCAA96FB-689C-44CF-8EEA-F65BDF25A93F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {EAE16547-FBCF-42A9-B654-9686FFE6220D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:55F44B88 [99]
FirewallRules: [{241CC4B7-1C64-4EBE-BF2F-3975DEFC61EF}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{11E3A738-4EBA-47F5-AF67-8C2D280A676C}] => C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{B8FB622D-1D1B-4F0F-B2E0-CDE144159E4F}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [TCP Query User{688F0FF4-3E9C-45A7-A468-477DA861A70B}C:\program files\safiplayer\safiterminal.exe] => C:\program files\safiplayer\safiterminal.exe
FirewallRules: [UDP Query User{AE70EEC6-164F-40A0-A228-14636A5938C7}C:\program files\safiplayer\safiterminal.exe] => C:\program files\safiplayer\safiterminal.exe
FirewallRules: [TCP Query User{2B6683B2-39D6-477C-8060-B07AE9F2DB8C}C:\program files\safiplayer\safiplayer.exe] => C:\program files\safiplayer\safiplayer.exe
FirewallRules: [UDP Query User{15EED2C4-B64D-47AD-B846-6AEC90143C40}C:\program files\safiplayer\safiplayer.exe] => C:\program files\safiplayer\safiplayer.exe
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value removed successfully
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\Microsoft\Windows\CurrentVersion\Run\\J9J4WH4S6Y => value removed successfully
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DN0BOLUB1H => value removed successfully
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\Microsoft\Windows\CurrentVersion\Run\\RB26CLMKZL => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
fewojuji => service not found.
HKLM\System\CurrentControlSet\Services\KMService => key removed successfully
KMService => service removed successfully
HKLM\System\CurrentControlSet\Services\Qotackcoaback => key removed successfully
Qotackcoaback => service removed successfully
HKLM\System\CurrentControlSet\Services\SaFiSvc => key removed successfully
SaFiSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\Disc Soft Bus Service => key removed successfully
Disc Soft Bus Service => service removed successfully

========================= File: C:\WINDOWS\system32\drivers\WinDivert64.sys ========================

File is digitally signed
MD5: 79C5CF934F3DEC1E21D6E07DB4229970
Creation and modification date: 2017-01-09 10:10 - 2017-01-09 10:10
Size: 0037552
Attributes: ----A
Company Name: Basil
Internal Name: WinDivert.sys
Original Name: WinDivert.sys
Product: WinDivert driver
Description: WinDivert https://reqrypt.org/windivert.html 1C5vZVSbizPeZ8ydTYhUfm4LA2cNwBfcYh
File Version: 1.2 built by: WinDDK
Product Version: 1.2
Copyright: Copyright © Basil 2011-2015

====== End of File: ======

HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
C:\rsit => moved successfully
C:\Program Files\trend micro => moved successfully
C:\Users\HF\Downloads\RSITx64.exe => moved successfully

========================= Folder: C:\Users\HF\AppData\Local\1F0089A0-1483969372-0200-80C2-20CF304CE39F ========================

not found.

====== End of Folder: ======

C:\Users\HF\AppData\Roaming\Gireshckcge => moved successfully
C:\Program Files (x86)\Zohtckileied Configuration => moved successfully
C:\Program Files (x86)\Anomusyercit => moved successfully
C:\Program Files\VOXR3SMG36 => moved successfully
C:\Users\HF\AppData\Local\Presowardanahotion => moved successfully
"C:\Users\HF\AppData\Local\app" => not found.
"C:\Program Files (x86)\mpck" => not found.
C:\Program Files\XGA2TBQJOS => moved successfully
C:\Program Files\NERH5YV48N => moved successfully
C:\Program Files (x86)\baidu => moved successfully
C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004 => moved successfully
"C:\Program Files\RunBooster" => not found.
C:\WINDOWS\system32\Drivers\WinDivert64.sys => moved successfully
C:\Users\HF\Desktop\Booking.com.url => moved successfully
"C:\Users\HF\Desktop\AliExpress.url" => not found.
C:\TOSTACK => moved successfully
"C:\ProgramData\Microleaves" => not found.
"C:\ProgramData\SaFiPlayer" => not found.
C:\Users\HF\AppData\Roaming\coreavc.ini => moved successfully
C:\Users\Public\Device => moved successfully

"C:\Program Files (x86)\UCBrowser" folder move:

Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to move on reboot.

C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore => moved successfully
C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater => moved successfully
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => moved successfully
C:\Users\HF\AppData\Local\UCBrowser => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaFiPlayer => moved successfully
C:\Program Files\SaFiPlayer => moved successfully
"C:\Program Files (x86)\Microleaves" => not found.
C:\Users\HF\Desktop\AutoTime.lnk => moved successfully
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.
C:\Users\HF\AppData\Roaming\Arolertainmekeing => moved successfully
C:\Program Files (x86)\Arorit => moved successfully
"C:\Users\HF\AppData\Roaming\Microleaves" => not found.
C:\Users\HF\AppData\Local\Kerfesydcale => moved successfully

========================= Folder: C:\WINDOWS\Downloaded Program Files ========================

2016-07-16 12:47 - 2016-07-16 12:45 - 0000065 ___SH () C:\WINDOWS\Downloaded Program Files\desktop.ini

====== End of Folder: ======


========================= Folder: C:\WINDOWS\Setup ========================

2016-07-16 12:49 - 2016-07-16 12:49 - 0000000 ____D () C:\WINDOWS\Setup\State
2016-07-16 12:49 - 2016-08-07 10:21 - 0000042 _____ () C:\WINDOWS\Setup\State\State.ini

====== End of Folder: ======

C:\Users\HF\AppData\Roaming\aliexpress.ico => moved successfully
C:\Users\HF\AppData\Roaming\booking.ico => moved successfully
"C:\Users\HF\AppData\Roaming\coreavc.ini" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06736D35-FF82-46B8-AAA8-BBD596C01F47} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06736D35-FF82-46B8-AAA8-BBD596C01F47} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15D5ADA6-9DF7-4B1C-BFC8-24E9EFECADBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15D5ADA6-9DF7-4B1C-BFC8-24E9EFECADBB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38B0883A-B890-4767-BAAC-84B314613FE5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38B0883A-B890-4767-BAAC-84B314613FE5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C6BECA6-82E6-4635-9E90-0E892C76FE4C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C6BECA6-82E6-4635-9E90-0E892C76FE4C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{432A35EE-8104-433F-A4A4-56996C3EAF79} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{432A35EE-8104-433F-A4A4-56996C3EAF79} => key removed successfully
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => key removed successfully

========================= File: C:\Program Files\Microsoft Security Client\MpCmdRun.exe ========================

"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => not found.
====== End of File: ======

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5859EF57-FFCA-4A37-9159-D56EABC6D4D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5859EF57-FFCA-4A37-9159-D56EABC6D4D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FBC6428-B052-4C13-88D2-C1E7DDFFA875} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FBC6428-B052-4C13-88D2-C1E7DDFFA875} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{724EE812-2501-44E6-A340-95E28D4F8EDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{724EE812-2501-44E6-A340-95E28D4F8EDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80AD4F2A-EB9E-4DCE-B8A8-55C08FB51C6F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80AD4F2A-EB9E-4DCE-B8A8-55C08FB51C6F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{881F291F-D866-4368-A4E8-3FE736A33FD3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{881F291F-D866-4368-A4E8-3FE736A33FD3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C8113AB-B73A-4576-A646-B1E2C7F3D0DE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C8113AB-B73A-4576-A646-B1E2C7F3D0DE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9E62FCF7-AEE8-4CA6-942C-062B8BD7193C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E62FCF7-AEE8-4CA6-942C-062B8BD7193C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD3DC121-AE21-4E52-A67A-03EE57E0D72F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD3DC121-AE21-4E52-A67A-03EE57E0D72F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD566290-7CCF-4554-AD75-7A3C4F70FF9E} => key not found.
C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0B1D70F-75C2-49FC-821F-DC0882A84DC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0B1D70F-75C2-49FC-821F-DC0882A84DC6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0B51D71-39D1-4FEB-9B5A-63B38490B61D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0B51D71-39D1-4FEB-9B5A-63B38490B61D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C726FFC9-2ED4-49CF-9D87-3A00A4CFDD8B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C726FFC9-2ED4-49CF-9D87-3A00A4CFDD8B} => key removed successfully
C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCAA96FB-689C-44CF-8EEA-F65BDF25A93F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCAA96FB-689C-44CF-8EEA-F65BDF25A93F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EAE16547-FBCF-42A9-B654-9686FFE6220D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAE16547-FBCF-42A9-B654-9686FFE6220D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
C:\ProgramData\TEMP => ":55F44B88" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{241CC4B7-1C64-4EBE-BF2F-3975DEFC61EF} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{11E3A738-4EBA-47F5-AF67-8C2D280A676C} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8FB622D-1D1B-4F0F-B2E0-CDE144159E4F} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{688F0FF4-3E9C-45A7-A468-477DA861A70B}C:\program files\safiplayer\safiterminal.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AE70EEC6-164F-40A0-A228-14636A5938C7}C:\program files\safiplayer\safiterminal.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2B6683B2-39D6-477C-8060-B07AE9F2DB8C}C:\program files\safiplayer\safiplayer.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{15EED2C4-B64D-47AD-B846-6AEC90143C40}C:\program files\safiplayer\safiplayer.exe => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 192406087 B
Java, Flash, Steam htmlcache => 145451811 B
Windows/system/drivers => 90437699 B
Edge => 4049323 B
Chrome => 0 B
Firefox => 389161846 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 66016 B
NetworkService => 175506 B
HF => 972312561 B
DefaultAppPool => 16674 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-01-2017 18:57:40)

"C:\Program Files (x86)\UCBrowser" => Could not move

Result of scheduled keys to remove after reboot:


==== End of Fixlog 18:57:43 ====

Re: Firefox keeps opening unwanted web pages

Posted: 10 Jan 2017 19:00
by Zanzdm
A new browser, UCbrowser, has appeared on my desktop.
I uninstalled Java.

Re: Firefox keeps opening unwanted web pages

Posted: 10 Jan 2017 20:39
by altrok
The computer should now be running considerably lighter. Please post new FRST.txt and Addition.txt logs.

Re: Firefox keeps opening unwanted web pages

Posted: 11 Jan 2017 00:46
by Zanzdm
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by HF (administrator) on HF-PC (11-01-2017 00:43:09)
Running from C:\Users\HF\Desktop
Loaded Profiles: HF (Available Profiles: HF & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\ProgramData\service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Ghisler Software GmbH) D:\Program Files (x86)\Total Commander 64bit 8.0\TOTALCMD64.EXE
() C:\Program Files (x86)\UCBrowser\Application\UCService.exe
() C:\Program Files (x86)\UCBrowser\Application\6.0.1471.3\UCAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [5318992 2015-12-10] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [5557584 2015-12-10] (Crawler Group, LLC)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2015-06-28] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2015-06-28] ()
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [HP Deskjet 4620 series (NET)] => C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [3971648 2016-12-20] (GOG.com)
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [CCleaner Monitoring] => D:\Program Files (x86)\Ccleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Run: [msiql] => C:\Users\HF\AppData\Local\Temp\00026167\msiql.exe /RUNNING <===== ATTENTION
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-01-10] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-07] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-11-26]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\HF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odoslanie do programu OneNote.lnk [2015-07-10]
ShortcutTarget: Odoslanie do programu OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{aeaadf67-9893-4422-af13-2bc8efd56a19}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation)
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2015-07-28] (Crawler Group, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll [2015-07-28] (Crawler Group, LLC)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\HF\AppData\Roaming\Mozilla\Firefox\Profiles\fwuohxmc.default [2017-01-10]
FF Session Restore: Mozilla\Firefox\Profiles\fwuohxmc.default -> is enabled.
FF Extension: (Garmin Communicator) - C:\Users\HF\AppData\Roaming\Mozilla\Firefox\Profiles\fwuohxmc.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-12-29]
FF Extension: (Adblock Plus) - C:\Users\HF\AppData\Roaming\Mozilla\Firefox\Profiles\fwuohxmc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-25]
FF SearchPlugin: C:\Users\HF\AppData\Roaming\Mozilla\Firefox\Profiles\fwuohxmc.default\searchplugins\google-default.xml [2015-01-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-4039880186-1844316042-2073029014-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\HF\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2014-11-26] () [File not signed]
R2 ClickToRunSvc; C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\OFFICECLICKTORUN.EXE [3042032 2016-11-01] (Microsoft Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [284224 2016-12-20] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-01-10] () [File not signed] <==== ATTENTION
R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-01-10] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-20] (Electronic Arts)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3267408 2015-12-10] (Crawler Group, LLC)
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [931112 2017-01-09] ()
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 xuzetofy; C:\Program Files (x86)\368b2629-7a03-4729-9ab5-7b52dcab61d01483953004\kns44B7.tmp [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30264 2016-08-21] (Disc Soft Ltd)
S3 dtscsibus; C:\WINDOWS\System32\DRIVERS\dtscsibus.sys [29864 2015-01-28] (Disc Soft Ltd)
S3 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-21] (Disc Soft Ltd)
R1 HWiNFO32; D:\Program Files (x86)\HWiNFO64\HWiNFO64A.SYS [30592 2012-05-10] (REALiX(tm))
R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92832 2017-01-10] (WinMount International Inc)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_848dea456d3c865e\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R2 sp_rsdrv2; C:\WINDOWS\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== ATTENTION
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dtldrvhelp; \??\c:\program files\safiplayer\dtldrvhelp64.sys [X]
S2 WinDivert1.2; \??\C:\WINDOWS\system32\drivers\WinDivert64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 00:43 - 2017-01-11 00:43 - 00016587 _____ C:\Users\HF\Desktop\FRST.txt
2017-01-10 19:57 - 2017-01-10 19:57 - 00002652 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-01-10 19:49 - 2017-01-10 19:49 - 00000000 ____D C:\Users\HF\AppData\Roaming\quickclick
2017-01-10 18:58 - 2017-01-10 18:58 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-01-10 18:57 - 2017-01-10 18:57 - 00001587 _____ C:\Users\HF\Desktop\UC浏览器.lnk
2017-01-10 18:57 - 2017-01-10 18:57 - 00000000 ____D C:\Users\HF\AppData\Local\UCBrowser
2017-01-10 18:53 - 2017-01-10 18:57 - 00026452 _____ C:\Users\HF\Desktop\Fixlog.txt
2017-01-10 18:49 - 2017-01-10 18:49 - 00009323 _____ C:\Users\HF\Documents\fixlist.txt
2017-01-10 18:45 - 2017-01-10 19:06 - 00000000 ____D C:\Users\HF\AppData\Roaming\KuaiZip
2017-01-10 18:45 - 2017-01-10 18:45 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
2017-01-10 18:45 - 2017-01-10 18:45 - 00003506 _____ C:\WINDOWS\System32\Tasks\KuaiZip_Update
2017-01-10 18:45 - 2017-01-10 18:45 - 00000882 _____ C:\Users\HF\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
2017-01-10 18:45 - 2017-01-10 18:45 - 00000858 _____ C:\Users\HF\Desktop\żěŃą.lnk
2017-01-10 18:45 - 2017-01-10 18:45 - 00000000 ____D C:\Users\HF\AppData\Roaming\Softlink
2017-01-10 18:45 - 2017-01-10 18:45 - 00000000 ____D C:\Program Files\żěŃą
2017-01-10 18:38 - 2017-01-11 00:09 - 00000298 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-01-10 18:38 - 2017-01-10 18:57 - 00000462 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-01-10 18:38 - 2017-01-10 18:38 - 01620992 _____ C:\ProgramData\service.exe
2017-01-10 18:38 - 2017-01-10 18:38 - 00001599 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2017-01-10 18:38 - 2017-01-10 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
2017-01-10 18:37 - 2017-01-10 18:38 - 00000000 ____D C:\Users\HF\AppData\Local\1F0089A0-1484073475-0200-80C2-20CF304CE39F
2017-01-10 18:03 - 2017-01-10 18:04 - 03988944 _____ C:\Users\HF\Downloads\adwcleaner_6.042.exe
2017-01-10 17:46 - 2017-01-10 17:48 - 00061452 _____ C:\Users\HF\Downloads\Addition.txt
2017-01-10 17:45 - 2017-01-11 00:43 - 00000000 ____D C:\FRST
2017-01-10 17:45 - 2017-01-10 17:48 - 00045415 _____ C:\Users\HF\Downloads\FRST.txt
2017-01-10 17:44 - 2017-01-10 17:44 - 02419200 _____ (Farbar) C:\Users\HF\Desktop\FRST64.exe
2017-01-09 13:09 - 2017-01-09 13:10 - 00017346 _____ C:\WINDOWS\ntbtlog.txt
2017-01-09 12:57 - 2017-01-09 12:57 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-09 10:06 - 2017-01-10 20:09 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-12-31 17:54 - 2016-12-31 17:54 - 00000000 ____D C:\Users\HF\AppData\LocalLow\Artplant
2016-12-31 17:49 - 2016-12-31 17:51 - 00000000 ____D C:\Users\HF\Documents\GrimmDarkLegacy
2016-12-31 17:49 - 2016-12-31 17:49 - 00000000 ____D C:\Users\HF\Documents\SkidRow
2016-12-28 22:27 - 2016-12-28 22:27 - 00000000 ____D C:\Users\HF\AppData\Roaming\Amanita-Design.Samorost3
2016-12-25 18:51 - 2016-12-25 18:51 - 00000000 ____D C:\Users\HF\AppData\LocalLow\Zadbox Entertainment
2016-12-21 20:53 - 2016-12-21 20:53 - 00024574 _____ C:\Users\HF\Desktop\66907082.jpg
2016-12-16 01:43 - 2016-12-16 01:43 - 00013905 _____ C:\Users\HF\Documents\DM Freestate.docx
2016-12-14 21:29 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 21:29 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 21:29 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 21:29 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 21:29 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 21:29 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 21:29 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 21:29 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 21:29 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 21:29 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 21:29 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 21:29 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 21:29 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 21:29 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 21:29 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 21:29 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 21:29 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 21:29 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 21:29 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 21:29 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 21:29 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 21:29 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 21:29 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 21:29 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 21:29 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 21:29 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 21:29 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 21:29 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 21:29 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 21:29 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 21:29 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 21:29 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 21:29 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 21:29 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 21:29 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 21:29 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 21:29 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 21:29 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 21:29 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 21:29 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 21:29 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 21:29 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 21:29 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 21:29 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 21:29 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 21:29 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 21:29 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 21:29 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 21:29 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 21:29 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 21:29 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 21:29 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 21:29 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 21:29 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 21:29 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 21:29 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 21:29 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 21:29 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 21:29 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 21:29 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 21:29 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 21:29 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 21:29 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 21:29 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 21:29 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 21:29 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 21:29 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 21:29 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 21:29 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 21:29 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 21:29 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 21:29 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 21:29 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 21:29 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 21:29 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 21:29 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 21:29 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 21:29 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 21:29 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 21:29 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 21:29 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 21:29 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 21:29 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 21:29 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 21:29 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 21:29 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 21:29 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 21:29 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 21:29 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 21:29 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 21:29 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 21:29 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 21:29 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 21:29 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 21:29 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 21:29 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 21:29 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 21:29 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 21:29 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 21:29 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 21:29 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 21:29 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 21:29 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 21:29 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 21:29 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 21:29 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 21:29 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 21:29 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 21:29 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 21:29 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 21:29 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 21:29 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 21:29 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 21:29 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 21:29 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 21:29 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-13 13:05 - 2016-12-13 13:05 - 00000000 ____D C:\Users\HF\AppData\Local\Chromium

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-10 19:49 - 2016-07-19 20:24 - 00000000 ____D C:\ProgramData\AlawarWrapper
2017-01-10 19:10 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 19:03 - 2015-05-25 19:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-10 18:58 - 2016-11-18 00:44 - 00000000 ____D C:\Users\HF\AppData\LocalLow\Mozilla
2017-01-10 18:57 - 2016-08-07 10:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-10 18:57 - 2016-08-07 10:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-10 18:56 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-10 18:09 - 2014-11-22 23:25 - 00000000 ____D C:\ProgramData\Spyware Terminator
2017-01-10 18:06 - 2015-01-21 22:06 - 00000000 ____D C:\AdwCleaner
2017-01-10 15:56 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-10 15:56 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-09 21:27 - 2014-11-23 21:55 - 00000000 ____D C:\Users\HF\AppData\Roaming\vlc
2017-01-09 20:08 - 2016-08-07 10:01 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-09 15:25 - 2014-11-29 17:53 - 00000000 ____D C:\Users\HF\AppData\Local\NVIDIA Corporation
2017-01-09 15:25 - 2014-11-22 22:59 - 00000000 ____D C:\Users\HF\AppData\Local\NVIDIA
2017-01-09 14:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-09 13:18 - 2015-12-31 00:15 - 00000000 ____D C:\Users\HF\AppData\Local\CrashDumps
2017-01-09 13:17 - 2016-08-07 10:03 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-09 13:17 - 2016-08-07 10:03 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-09 13:17 - 2016-08-07 10:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-09 13:17 - 2014-11-29 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-09 12:57 - 2016-06-21 08:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-09 12:04 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Web
2017-01-09 11:16 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-01-09 10:50 - 2016-07-16 12:49 - 00000000 ____D C:\WINDOWS\Setup
2017-01-09 10:32 - 2016-11-04 17:48 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-08 21:18 - 2016-08-07 10:06 - 00000000 ____D C:\Users\HF
2017-01-08 19:08 - 2015-05-20 01:00 - 00000000 ____D C:\Users\HF\Documents\The Witcher 3
2017-01-06 15:37 - 2016-06-20 23:40 - 00000000 ____D C:\Users\HF\AppData\Local\Packages
2016-12-31 18:35 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2016-12-31 17:54 - 2014-11-22 22:47 - 00000000 ____D C:\Users\HF\AppData\LocalLow
2016-12-28 06:31 - 2016-08-07 10:16 - 00003454 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-28 06:31 - 2016-08-07 10:16 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-20 22:28 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-20 22:28 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-20 22:27 - 2015-03-28 22:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-12-20 11:41 - 2015-05-19 22:05 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2016-12-16 13:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-16 12:48 - 2016-08-07 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 17:38 - 2016-08-07 10:01 - 00341344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-15 17:38 - 2014-12-12 13:28 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-15 01:09 - 2016-08-07 10:01 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 01:09 - 2016-08-07 10:01 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-15 01:08 - 2016-07-16 12:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-15 01:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-15 01:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-15 01:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-15 01:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-15 01:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-15 01:08 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-15 01:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-15 01:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-14 21:47 - 2014-11-22 22:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 21:43 - 2014-11-22 22:56 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-13 13:34 - 2016-10-02 14:14 - 02904940 _____ C:\Users\HF\Desktop\1s.xlsx
2016-12-13 13:05 - 2015-05-25 19:23 - 00000000 ____D C:\Users\HF\AppData\Local\Steam
2016-12-12 00:56 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-07-30 13:04 - 2016-07-31 00:36 - 0000134 _____ () C:\Users\HF\AppData\Roaming\CSharpAnalytics-MeasurementQueue
2016-07-30 12:18 - 2016-07-31 00:36 - 0000443 _____ () C:\Users\HF\AppData\Roaming\CSharpAnalytics-MeasurementSession
2014-12-10 00:07 - 2014-12-10 00:07 - 0007605 _____ () C:\Users\HF\AppData\Local\Resmon.ResmonCfg
2015-01-02 22:55 - 2015-01-02 22:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-12 07:53 - 2012-08-31 14:08 - 0024772 _____ () C:\ProgramData\P1100DEF.css
2015-02-12 07:53 - 2015-02-12 07:53 - 0004244 _____ () C:\ProgramData\P1100OS.HTM
2015-02-12 07:53 - 2012-08-31 14:08 - 0002944 _____ () C:\ProgramData\P1100SIG.GIF
2017-01-10 18:38 - 2017-01-10 18:38 - 1620992 _____ () C:\ProgramData\service.exe

Files to move or delete:
====================
C:\ProgramData\service.exe


Some files in TEMP:
====================
C:\Users\HF\AppData\Local\Temp\Lambda.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-31 18:35

==================== End of FRST.txt ============================

Re: Firefox keeps opening unwanted web pages

Posted: 11 Jan 2017 00:47
by Zanzdm
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by HF (11-01-2017 00:44:13)
Running from C:\Users\HF\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-07 09:21:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4039880186-1844316042-2073029014-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4039880186-1844316042-2073029014-503 - Limited - Disabled)
Guest (S-1-5-21-4039880186-1844316042-2073029014-501 - Limited - Disabled)
HF (S-1-5-21-4039880186-1844316042-2073029014-1000 - Administrator - Enabled) => C:\Users\HF

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 13 ActiveX (HKLM-x32\...\{10B037CE-CDF6-4B7F-85DC-057CBE774FB7}) (Version: 13.0.0.258 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Aktualizácie NVIDIA 2.11.4.1 (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Arcanika (HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Arcanika) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5 (HKLM-x32\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.5.24 - Autodesk, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== ATTENTION
Boid (HKLM\...\Steam App 314010) (Version: - Mokus)
Císařský ostrov 2: Pátrání po nové zemi (HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Císařský ostrov 2: Pátrání po nové zemi) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Císařský ostrov 3: Expanze (HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Císařský ostrov 3: Expanze) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 6.0.0.0445 - Disc Soft Ltd)
Deathtrap (HKLM-x32\...\Deathtrap_is1) (Version: - NeocoreGames)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Elasto Mania (HKLM-x32\...\Elasto Mania) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fahrenheit Indigo Prophecy Remastered (HKLM-x32\...\Fahrenheit Indigo Prophecy Remastered_is1) (Version: - )
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grey Goo (HKLM-x32\...\Grey Goo_is1) (Version: - )
HP Deskjet 4620 series Basic Device Software (HKLM\...\{6D790D6C-EF5F-40AC-A9BF-2ADF638C02AD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 4620 series Help (HKLM-x32\...\{5773FBCB-BA2C-4F3E-9904-48247BF752FC}) (Version: 6.0.0 - Hewlett Packard)
HP Deskjet 4620 series Product Improvement Study (HKLM\...\{8703F965-1B1F-491F-ACCF-2B0626732065}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HWiNFO64 Version 4.02 (HKLM\...\HWiNFO64_is1) (Version: 4.02 - Martin Malík - REALiX)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
INSIDE Demo (HKLM\...\Steam App 530210) (Version: - Playdead)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Legend of Grimrock 2 (HKLM-x32\...\Legend of Grimrock 2) (Version: - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware verzia 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2013 pre študentov a domácnosti - sk-sk (HKLM\...\HomeStudentRetail - sk-sk) (Version: 15.0.4885.1001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 sk) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 sk)) (Version: 32.0.3 - Mozilla)
Mozilla Firefox 50.1.0 (x86 sk) (HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\Mozilla Firefox 50.1.0 (x86 sk)) (Version: 50.1.0 - Mozilla)
NVIDIA 3D Vision radič ovládača 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Grafický ovládač 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA Ovládač 3D Vision 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA Ovládač zvuku HD 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4885.1001 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 375.70 (Version: 375.70 - NVIDIA Corporation) Hidden
Pneuma Breath of Life (HKLM-x32\...\Pneuma Breath of Life_is1) (Version: - )
Quern - Undying Thoughts (HKLM\...\cXVlcm51bmR5aW5ndGhvdWdodHM_is1) (Version: 1 - )
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version: - Square Enix)
Rise of the Tomb Raider magyarítás (HKLM-x32\...\Rise of the Tomb Raider magyarítás) (Version: 1.0.1.0 - TombRaiderS.hu)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Samorost 3 (HKLM\...\Steam App 421120) (Version: - Amanita Design)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.0.0.5 - GOG.com)
Sigils of Elohim (HKLM\...\Steam App 321480) (Version: - Croteam)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Spyware Terminator 2012 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
The Talos Principle (HKLM\...\Steam App 257510) (Version: - Croteam)
The Treasures of Montezuma 5 (HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\...\The Treasures of Montezuma 5) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.8.2 - GOG.com)
The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - O víně a krvi (HKLM-x32\...\Blood and Wine_is1) (Version: 1.22.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Srdce z kamene (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witness (HKLM-x32\...\Steam App 210970) (Version: - Thekla, Inc.)
There You Go (HKLM-x32\...\{E6ACA272-5C32-474F-B554-8DC366D6FED2}_is1) (Version: 0.3 - Octogear Games)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.0 - Ghisler Software GmbH)
Trine 3 The Artifacts of Power (HKLM-x32\...\Trine 3 The Artifacts of Power_is1) (Version: - )
UE4 Prerequisites (x64) (HKLM-x32\...\{9514471f-b41e-41f7-af03-7da1d05b279e}) (Version: 1.0.8.0 - Epic Games, Inc.)
UE4 Prerequisites (x64) (Version: 1.0.8.0 - Epic Games, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 23.0 - Ubisoft)
Vampire Setup Tool v2.1.0.2 (CD) (HKLM-x32\...\Vampire Setup Tool_is1) (Version: 2.1.0.2 - LEC s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Watch Dogs (HKLM-x32\...\Watch Dogs_is1) (Version: 1.06.329 - Decepticon)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07A773F0-84D9-43D7-9018-8B5C63786BBD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0D304B76-C45E-4A99-895D-F9D90914CEC7} - System32\Tasks\CCleanerSkipUAC => D:\Program Files (x86)\Ccleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {1C93ACF5-5617-43D3-8A34-F85EFBB32E3F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F2E7B48-7D22-4124-B111-BCFA8CBEBC77} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {24761C72-F647-4ABC-B60A-6EAAFC43C31C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {287A7FC3-DC33-4D18-BFC2-7783A986A85F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {32E7B271-B149-4507-81CF-66A1C4FD466C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36E4A44F-AA83-402E-AA9A-43F69697F21E} - System32\Tasks\HPCustParticipation HP Deskjet 4620 series => C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {3939D70D-73C7-4027-A7FF-DA2D18EB6F2E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {3D8A0186-694F-4182-8295-87C8C760F48D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {406DD0A8-4734-4A4B-9832-DD8CB0AB77C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {43E7F056-78ED-4C3C-804D-46D9C2B1737B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {567F1894-0129-4E4D-8D38-E47172B3C8DF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60E29AFC-FB22-47A1-BCB9-D2F89246CEF8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {629D3C01-B168-4B1F-AF9D-5AF1845F9CA9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {66FA7D73-8405-46FA-9902-B98DAC77E43E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {86610784-72A1-4954-9300-E62295344754} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4039880186-1844316042-2073029014-1000UA => C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-12-07] (Facebook Inc.)
Task: {8D85D839-1537-4C25-B949-A53EC58EB86F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {8FD88B27-4197-482A-B9DE-652BCE5E8963} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-15] (Adobe Systems Incorporated)
Task: {90E84993-AACF-4F97-81DF-F4B5AE3CA496} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {98013681-F06C-429A-A60B-3FA20A156494} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {987DED66-420F-48C6-BF19-35D036F957A1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4039880186-1844316042-2073029014-1000Core => C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-12-07] (Facebook Inc.)
Task: {9F16C6EF-6609-4310-A3DC-185F5B59F8B9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1CCB7E4-3D84-46BF-AEB2-56E28F92227D} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A201C7BA-426A-4D9A-AC61-C4501248CB47} - System32\Tasks\{18771E40-0FE4-4711-A157-30BA2B2C17D5} => pcalua.exe -a "D:\Firefox Setup 32.0.3.exe" -d C:\Users\HF\Desktop
Task: {B62349C0-42DC-414D-9D96-9E8210BB9E85} - System32\Tasks\KuaiZip_Update => C:\Program Files\żěŃą\X86\Update.exe [2017-01-10] (Shanghai Guangle Network Technology Ltd) <==== ATTENTION
Task: {C2092512-7397-4E8D-B710-6461B4485801} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {C8326541-BDAA-4F08-9D02-8FDCFF334A9A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D8951481-12FD-459B-9184-990F334DAD9D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {DA19B2DF-B2F6-4FA1-81BC-427CEE207C1E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DD45CD38-D16C-450E-BDD2-64D4D5FBEE7D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {E2D28D44-04B4-4210-AFD9-E5229D999421} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-09] (UCWeb Inc) <==== ATTENTION
Task: {E3053430-C536-4879-AD93-C83DA7477DCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-08] (Google Inc.)
Task: {E9745C4D-6BC9-4138-976C-CC0D7DEEFF17} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {EB310B81-687B-4880-B466-7EE113BD9683} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F103A4CF-0CAB-41CA-9B00-415B058D4093} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-09] (UCWeb Inc) <==== ATTENTION
Task: {FA749848-22C7-475E-BCF8-CE0190D7CAD0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FC6D9907-0981-4F11-A7E0-DF38154758BD} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-10] (UC Web Inc.) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4039880186-1844316042-2073029014-1000Core.job => C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4039880186-1844316042-2073029014-1000UA.job => C:\Users\HF\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 21:29 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-11-23 22:01 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-03-28 22:18 - 2016-05-24 08:51 - 00116416 _____ () C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\ApiClient.dll
2017-01-10 18:38 - 2017-01-10 18:38 - 01620992 _____ () C:\ProgramData\service.exe
2016-03-07 20:02 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2015-12-29 03:40 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-07 20:02 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-11-04 13:15 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-08-07 10:03 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-04 13:15 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-11-04 13:15 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-11-04 13:15 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-01 22:33 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-11-04 13:15 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-11-04 13:15 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-12-14 21:29 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-07 10:27 - 2016-08-07 10:27 - 00959168 _____ () C:\Users\HF\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2017-01-10 18:45 - 2017-01-10 18:45 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
2016-09-15 00:28 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 21:29 - 2016-12-09 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 12:56 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 12:56 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 12:56 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 12:56 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 12:56 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 21:08 - 2016-12-14 21:08 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 21:08 - 2016-12-14 21:08 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 21:08 - 2016-12-14 21:08 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 21:08 - 2016-12-14 21:08 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-10 18:38 - 2017-01-09 06:15 - 00931112 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
2017-01-10 20:08 - 2017-01-09 06:45 - 02165032 _____ () C:\Program Files (x86)\UCBrowser\Application\6.0.1471.3\UCAgent.exe
2017-01-10 18:45 - 2017-01-10 18:45 - 00219032 _____ () c:\program files\żěńą\x86\kuaizipupdatechecker.dll
2015-03-30 20:22 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-05-25 19:23 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-05-25 19:23 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-05-25 19:23 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2015-05-25 19:22 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-05-25 19:22 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-05-25 19:22 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-05-25 19:22 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-05-25 19:22 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-05-25 19:23 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-05-25 19:23 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-05-25 19:23 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-14 07:42 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-09-20 17:42 - 2016-09-20 17:42 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-05-19 22:06 - 2016-09-19 10:59 - 53018112 _____ () C:\Program Files (x86)\GalaxyClient\libcef.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00507968 _____ () C:\Program Files (x86)\GalaxyClient\PocoUtil.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 01076800 _____ () C:\Program Files (x86)\GalaxyClient\PocoNet.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 01854528 _____ () C:\Program Files (x86)\GalaxyClient\PocoData.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00393280 _____ () C:\Program Files (x86)\GalaxyClient\PocoDataSQLite.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 01589312 _____ () C:\Program Files (x86)\GalaxyClient\PocoFoundation.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00307776 _____ () C:\Program Files (x86)\GalaxyClient\PocoNetSSL.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00330816 _____ () C:\Program Files (x86)\GalaxyClient\PocoJSON.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00104000 _____ () C:\Program Files (x86)\GalaxyClient\zlib.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00520768 _____ () C:\Program Files (x86)\GalaxyClient\PocoXML.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00272448 _____ () C:\Program Files (x86)\GalaxyClient\PocoZip.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00425536 _____ () C:\Program Files (x86)\GalaxyClient\pcre.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00680000 _____ () C:\Program Files (x86)\GalaxyClient\sqlite.dll
2015-05-19 22:06 - 2016-12-20 11:40 - 00157760 _____ () C:\Program Files (x86)\GalaxyClient\PocoCrypto.dll
2015-05-19 22:05 - 2016-12-20 11:40 - 00152128 _____ () C:\Program Files (x86)\GalaxyClient\expat.dll
2015-05-19 22:06 - 2016-09-19 10:59 - 01738752 _____ () C:\Program Files (x86)\GalaxyClient\libglesv2.dll
2015-05-19 22:06 - 2016-09-19 10:59 - 00078848 _____ () C:\Program Files (x86)\GalaxyClient\libegl.dll
2016-12-13 13:04 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-05-25 19:23 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-05-25 19:22 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1205026]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-01-10 18:53 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HF\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{A3CCCC52-64C4-461A-85DB-D28ACE0F17CB}] => d:\games\Imperial Island 2 The Search for New Land\F2PHttpDaemon.exe
FirewallRules: [{1040AC2C-DF8A-45FD-9177-993612918BA4}] => d:\games\Arcanika\F2PHttpDaemon.exe
FirewallRules: [{77B8F854-D89E-4854-AEC0-018F166C821C}] => d:\games\Imperial Island 3 Expansion\F2PHttpDaemon.exe
FirewallRules: [{FDC58FA9-CEC2-437C-ACE6-DA6216711CAC}] => d:\games\Imperial Island 3 Expansion\ImperialIsland3.wrp.exe
FirewallRules: [{55A6947F-AA39-4896-80E8-AF90CE3A8ACA}] => d:\games\Imperial Island 3 Expansion\ImperialIsland3.exe
FirewallRules: [{DC10B947-73C6-406B-8EC4-17EBAE625513}] => d:\games\The Treasures of Montezuma 5\F2PHttpDaemon.exe
FirewallRules: [{AB309106-1458-463D-A752-CC38B362D1E8}] => d:\games\The Treasures of Montezuma 5\TheTreasuresOfMontezuma5.exe
FirewallRules: [{CD8E39AA-DACD-41D8-8E2D-0CF73C6D60E6}] => C:\Program Files (x86)\Steam\steamapps\common\Boid\Boid.exe
FirewallRules: [{1C840F8E-2FC4-4F23-A9E0-B67DFCAD1C51}] => C:\Program Files (x86)\Steam\steamapps\common\Boid\Boid.exe
FirewallRules: [{81235BA4-BB06-4672-9C72-561FBF7D331B}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{9A938CC0-545F-4950-8439-995B4E0BE34A}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{9920BEC8-23C3-4B96-80EB-16E2A5749652}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{76824CDF-23AA-4719-990C-29E3BFA7B043}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{232025FA-50B9-4694-AF2C-2686248EB515}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{140D5A6D-7EC3-4AA9-9DE6-636FDAD5BCB0}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{2EA22E97-E107-4318-B554-953EB39F3FAC}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{43F8BE30-43DF-4357-88E7-EE4AF8307EEB}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{B4129D2D-072C-4C6D-A977-7FF254235004}] => d:\games\Hero of the Kingdom 2\F2PHttpDaemon.exe
FirewallRules: [{3824CF97-CF5A-4717-A35D-A40305AF3CF0}] => d:\games\Hero of the Kingdom\F2PHttpDaemon.exe
FirewallRules: [{2D95F73B-B705-48E9-B26D-D01A87B6826B}] => d:\games\Rooms The Unsolvable Puzzle\F2PHttpDaemon.exe
FirewallRules: [{0ACA7B47-DBFC-4621-9D6F-690997EA6BD4}] => d:\games\Fables of the Kingdom\F2PHttpDaemon.exe
FirewallRules: [{C7701DCC-1944-4599-99EE-32419C6E9198}] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{EFECEBAA-49C0-4011-B5DD-45602D658529}] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{1583AE19-87A7-4561-98B8-F50F147E206D}] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{53EB5B99-449E-4B44-B172-B6F810EA656D}] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{BB8F1B68-585D-4E01-A7F3-75C1CB2BCA25}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E7584D5B-C3A0-4553-9EA1-07F85BD6AEFB}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{66F8F096-8165-43EE-B6CE-51BA7180C417}] => C:\Users\HF\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{A061188B-7A6F-41D1-844B-FC0619BF6506}] => D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{47DE17CC-3B09-4DF3-914E-83421B83E19B}] => D:\Games\Battle.net\Battle.net.exe
FirewallRules: [{0BE291D3-36EF-44DC-BB31-2B0AA2E55739}] => D:\Games\Battle.net\Battle.net.exe
FirewallRules: [{050E508A-47A1-4837-8D19-3C36A8CD89A8}] => D:\Games\Diablo III\Diablo III.exe
FirewallRules: [{690A8A39-F405-470E-B7ED-9807FD8C65C1}] => D:\Games\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{A72173D9-1FD8-4F71-BE6F-A06E2E64C145}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [UDP Query User{7424E903-FD4E-4382-9A31-24EA144095A9}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe] => C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe
FirewallRules: [{A4D1C175-4C86-4FCA-B220-F687CEEFE0EE}] => C:\Program Files\HP\HP Deskjet 4620 series\bin\FaxApplications.exe
FirewallRules: [{374C9B75-9686-40FC-967D-4B3B59ABD8A3}] => C:\Program Files\HP\HP Deskjet 4620 series\bin\DigitalWizards.exe
FirewallRules: [{85F46697-00C7-45F8-B98C-D1BDE937D2DE}] => C:\Program Files\HP\HP Deskjet 4620 series\bin\SendAFax.exe
FirewallRules: [{48CF650C-8A6E-4F9A-B1EA-46D1BEDB5A7C}] => C:\Program Files\HP\HP Deskjet 4620 series\Bin\DeviceSetup.exe
FirewallRules: [{F579BEBF-526A-48A3-90A9-EFBEC4F5A070}] => C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{84135734-8298-47B6-A332-2EED2B9B6D17}] => C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{ECD4261C-00F3-4E8E-B72D-77CA31239B7B}D:\program files (x86)\mozilla firefox\firefox.exe] => D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{242A9A2E-C8F3-432A-A86C-3413DDA3B1BB}D:\program files (x86)\mozilla firefox\firefox.exe] => D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3E8496EE-E9C1-4378-A92A-164EF985EE3C}D:\program files (x86)\mozilla firefox\firefox.exe] => D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0508203D-61FF-421E-842D-7BF54724115F}D:\program files (x86)\mozilla firefox\firefox.exe] => D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{69ED5FC0-2D58-43FC-9753-38169049FD61}D:\games\grey goo2\goog.exe] => D:\games\grey goo2\goog.exe
FirewallRules: [UDP Query User{E3CF19B0-4278-481C-AB00-770A014E58CB}D:\games\grey goo2\goog.exe] => D:\games\grey goo2\goog.exe
FirewallRules: [TCP Query User{A0B49DAC-611C-4BED-B777-DD01C2F47B23}D:\games\grey goo2\instanceserverg.exe] => D:\games\grey goo2\instanceserverg.exe
FirewallRules: [UDP Query User{71EBCA1F-900A-421C-A9F8-B3D54E39545A}D:\games\grey goo2\instanceserverg.exe] => D:\games\grey goo2\instanceserverg.exe
FirewallRules: [{E06ADFF9-828F-48FF-B2CE-4E562EDF1D40}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9B001EBE-64E1-4457-8E15-70226D389DE7}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{393966E8-61DA-4F62-8807-1A2F78B4A73E}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3286FB9F-E05A-40F9-BB3E-4E845A3F2D1D}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{321E0F7A-C783-4C8E-A756-8114F9117230}D:\games\grand theft auto v\gta5.exe] => D:\games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5B381A68-58A5-4A2D-A975-835BECBA0867}D:\games\grand theft auto v\gta5.exe] => D:\games\grand theft auto v\gta5.exe
FirewallRules: [{3809497D-9FB0-4709-AE88-8B8CB56BD6D9}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3A77466A-959F-41A0-BE36-26068290C065}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3FA72A56-EC7A-4A6A-BED7-61F865669E13}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{2F1702E5-7801-473D-A5D3-D2599379EB8C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ACB068FE-2375-4676-BA18-CD8BA38AE29E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A3BAE0FA-A21C-44F9-9E68-6552E649B670}] => C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{9E9594B2-377C-430D-9BFF-203E9AF3280D}] => C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{A18DB4B6-820B-4BE2-880A-A852CAA249C8}] => D:\Games\Witness\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{FFD83B95-9276-409E-B251-7307F003D672}] => D:\Games\Witness\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{9F4C87AD-81AD-4B52-A1D1-520FD87C1890}] => D:\Games\Witness\steamapps\common\Sigils of Elohim\Sigils.exe
FirewallRules: [{F83387AF-39E3-4B3E-90CF-3CC7B101BB20}] => D:\Games\Witness\steamapps\common\Sigils of Elohim\Sigils.exe
FirewallRules: [{ABF26293-3755-410F-AED3-028B84CAC5FD}] => D:\Games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{F8E6BA3B-5069-4F1A-BE83-398D6301A718}] => D:\Games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [TCP Query User{8EF70579-ABE7-4F7B-BE2F-12B505F6FD84}D:\games\grey goo2\instanceserverg.exe] => D:\games\grey goo2\instanceserverg.exe
FirewallRules: [UDP Query User{9D5BB297-F749-4485-9378-672EDCA38BCE}D:\games\grey goo2\instanceserverg.exe] => D:\games\grey goo2\instanceserverg.exe
FirewallRules: [TCP Query User{9FF636C5-8EDA-4964-B949-84600134A563}D:\games\grey goo2\goog.exe] => D:\games\grey goo2\goog.exe
FirewallRules: [UDP Query User{E66034E4-6EA8-4E3A-9E77-B7516F372F80}D:\games\grey goo2\goog.exe] => D:\games\grey goo2\goog.exe
FirewallRules: [{43A83DE8-C5A9-402E-8BFF-09B4CCD79289}] => C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{7AE411E6-49DD-4789-AA92-BA22BB6FE6A7}] => C:\Program Files (x86)\Steam\steamapps\common\INSIDE\INSIDE.exe
FirewallRules: [{2508444E-AB63-4ABB-96E3-A57EECF75E5E}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D10EB411-BBB1-4601-9233-988C8C316E50}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{61B65D66-DA0C-4041-AA80-CDE565C18F51}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{0D2F5EA8-80B4-4133-BAB7-2A0D42C6C849}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{D2410BC8-9C72-4CF1-A3C2-11E48A9F52A8}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{C15F86E3-5E89-42C9-ADF1-F33EF1F7546E}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{359081A5-197C-4895-BD3F-C8537525F0BE}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{6FAE664E-8857-4766-AF8F-0D0B9D555D69}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{3741A21D-D279-4A40-8C5F-D6FE324A6E38}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{8CFF223C-A8FA-4BC7-B435-211BEF6F3617}] => C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{E965B364-4EDE-4779-B80C-FDF2FD36887E}] => C:\Program Files (x86)\Steam\steamapps\common\Samorost 3\Samorost3.exe
FirewallRules: [{BEF8BD3D-CD09-4B3B-81F2-2C1704FC1B46}] => C:\Program Files (x86)\Steam\steamapps\common\Samorost 3\Samorost3.exe
FirewallRules: [{4B925351-DF52-4ED4-B3CA-B9988202B2EE}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{E8DA4194-77EC-493C-886D-ADE80D0D058B}] => C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe

==================== Restore Points =========================

10-01-2017 18:42:41 Removed Java 8 Update 101

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2017 06:59:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/10/2017 06:45:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/10/2017 06:45:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/10/2017 06:42:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/10/2017 06:39:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/10/2017 03:57:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/10/2017 03:53:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: NvStreamUserAgent.exe, verzia: 7.1.2084.9592, časová značka: 0x57605c64
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.14393.479, časová značka: 0x5825887f
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000000000030bdd
Identifikácia chybujúceho procesu: 0x1404
Čas spustenia chybujúcej aplikácie: 0x01d26b514b24beac
Cesta chybujúcej aplikácie: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: f0052e99-dd29-4032-b633-64d636a49556
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/09/2017 07:29:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: NvStreamUserAgent.exe, verzia: 7.1.2084.9592, časová značka: 0x57605c64
Názov chybujúceho modulu: ntdll.dll, verzia: 10.0.14393.479, časová značka: 0x5825887f
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000000000030bdd
Identifikácia chybujúceho procesu: 0x21cc
Čas spustenia chybujúcej aplikácie: 0x01d26aa64e5d72cb
Cesta chybujúcej aplikácie: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
Identifikácia hlásenia: 0c13eff8-517e-4bf3-8ebd-1499700e04ba
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/09/2017 01:18:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: setup.exe_unknown, verzia: 0.0.0.0, časová značka: 0x58352bc7
Názov chybujúceho modulu: NVI2.DLL, verzia: 2.1002.235.2016, časová značka: 0x58352cf4
Kód výnimky: 0x40000015
Odstup chyby: 0x00280596
Identifikácia chybujúceho procesu: 0x6d8
Čas spustenia chybujúcej aplikácie: 0x01d26a71f79ae864
Cesta chybujúcej aplikácie: C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe
Cesta chybujúceho modulu: C:\Program Files\NVIDIA Corporation\Installer2\CoreTemp.{244EEA05-607A-47B3-8841-9E0AA5EEF7AA}\NVI2.DLL
Identifikácia hlásenia: 0320f1a2-fbd2-4342-b91a-3f647696214a
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (01/09/2017 01:14:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "D:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/10/2017 06:57:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2017 06:57:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby xuzetofy zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/10/2017 06:57:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby NetTcpPortSharing, od ktorej závisí služba NetTcpActivator, zlyhalo kvôli nasledujúcej chybe:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/10/2017 06:57:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby WinDivert1.2 zlyhalo kvôli nasledujúcej chybe:
The system cannot find the file specified.

Error: (01/10/2017 06:53:49 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správca riadenia služieb sa po neočakávanom ukončení služby Windows Search pokúsil vykonať opravnú akciu (Reštartovať službu), ale táto činnosť zlyhala s nasledujúcou chybou:
An instance of the service is already running.

Error: (01/10/2017 06:53:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba NVIDIA Streamer Network Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (01/10/2017 06:53:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (01/10/2017 06:53:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BBUpdate sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (01/10/2017 06:53:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba UC浏览器基础服务 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (01/10/2017 06:53:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Local Media Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 300000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.


CodeIntegrity:
===================================
Date: 2016-12-16 00:04:50.855
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:50.825
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:50.796
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:50.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:50.730
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:50.721
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:49.573
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:04:49.430
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:01:46.333
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-12-16 00:01:46.275
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 8190.05 MB
Available physical RAM: 5247.75 MB
Total Virtual: 16382.05 MB
Available Virtual: 12866.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.22 GB) (Free:45.8 GB) NTFS
Drive d: () (Fixed) (Total:833.76 GB) (Free:56.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A7535621)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=833.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Firefox keeps opening unwanted web pages

Posted: 14 Jan 2017 00:32
by altrok
:arrow: The computer became even more infected between the AdwCleaner run and the fixlist - please repeat the AdwCleaner step and then

:arrow: Install MBAM and run a custom scan of all drives - http://forum.viry.cz/viewtopic.php?f=29&t=144868
  • Note: this scan takes anywhere from 30 minutes to several hours

Re: Firefox keeps opening unwanted web pages

Posted: 14 Jan 2017 09:33
by Zanzdm
# AdwCleaner v6.042 - *Logfile created 14/01/2017 *at 08:00:25
# *Updated on 06/01/2017 by Malwarebytes
# *Database : 2017-01-11.1 [*Server]
# *Operating System : Windows 10 Home (X64)
# *Username : HF - HF-PC
# *Running from : C:\Users\HF\Downloads\adwcleaner_6.042.exe
# *Mode: Clean
# *Support : https://www.malwarebytes.com/support



***** [ *Services ] *****

[-] *Service deleted: sp_rsdrv2
[-] *Service deleted: UCBrowserSvc
[-] *Service deleted: GoogleChromeUpService
[-] *Service deleted: KuaiZipDrive
[-] *Service deleted: KuaizipUpdateChecker
[-] *Service deleted: ucdrv
[-] *Service deleted: dtldrvhelp


***** [ *Folders ] *****

[-] *Folder deleted: C:\Users\HF\AppData\Local\1F0089A0-1484073475-0200-80C2-20CF304CE39F
[-] *Folder deleted: C:\Users\HF\AppData\Roaming\quickclick
[-] *Folder deleted: C:\Users\HF\AppData\Roaming\Kuaizip
[-] *Folder deleted: C:\Users\HF\AppData\Roaming\Softlink


***** [ *Files ] *****

[#] *File deleted: C:\WINDOWS\SysNative\drivers\KuaiZipDrive.sys
[-] *File deleted: C:\ProgramData\service.exe
[#] *File deleted: C:\ProgramData\service.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****

[-] *Task deleted: KuaiZip_Update
[-] *Task deleted: UCBrowserUpdaterCore


***** [ *Registry ] *****

[-] *Key deleted: HKLM\SOFTWARE\Classes\UCHTML
[-] *Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
[-] *Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
[-] *Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
[-] *Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
[-] *Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
[-] *Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
[-] *Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
[-] *Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
[-] *Key deleted: HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
[-] *Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\GoogleChromeUpService
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.001
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.002
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.003
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.004
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.005
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.006
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.007
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.008
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.009
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.01
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.010
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.011
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.012
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.013
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.014
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.015
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.016
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.017
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.018
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.019
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.02
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.020
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.021
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.022
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.023
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.024
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.025
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.026
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.027
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.028
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.029
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.03
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.030
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.031
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.032
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.033
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.034
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.035
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.036
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.037
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.038
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.039
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.04
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.040
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.041
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.042
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.043
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.044
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.045
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.046
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.047
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.048
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.049
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.05
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.050
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.051
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.052
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.053
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.054
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.055
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.056
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.057
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.058
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.059
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.06
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.060
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.061
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.062
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.063
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.064
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.065
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.066
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.067
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.068
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.069
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.07
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.070
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.071
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.072
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.073
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.074
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.075
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.076
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.077
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.078
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.079
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.08
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.080
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.081
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.082
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.083
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.084
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.085
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.086
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.087
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.088
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.089
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.09
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.090
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.091
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.092
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.093
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.094
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.095
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.096
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.097
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.098
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.099
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.7z
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.arj
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.bz2
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.cab
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.gz
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.gzip
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.jar
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.kz
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.lzh
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.mou
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.rar
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.rpm
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tar
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tbz
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.tgz
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.wim
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.z
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip.zip
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[-] *Key deleted: HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KzShlobj
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[-] *Key deleted: HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.001
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.002
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.003
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.004
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.005
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.006
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.007
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.008
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.009
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.01
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.010
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.011
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.012
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.013
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.014
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.015
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.016
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.017
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.018
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.019
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.02
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.020
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.021
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.022
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.023
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.024
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.025
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.026
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.027
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.028
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.029
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.03
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.030
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.031
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.032
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.033
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.034
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.035
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.036
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.037
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.038
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.039
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.04
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.040
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.041
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.042
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.043
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.044
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.045
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.046
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.047
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.048
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.049
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.05
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.050
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.051
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.052
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.053
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.054
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.055
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.056
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.057
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.058
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.059
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.06
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.060
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.061
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.062
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.063
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.064
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.065
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.066
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.067
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.068
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.069
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.07
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.070
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.071
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.072
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.073
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.074
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.075
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.076
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.077
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.078
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.079
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.08
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.080
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.081
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.082
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.083
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.084
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.085
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.086
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.087
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.088
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.089
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.09
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.090
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.091
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.092
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.093
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.094
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.095
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.096
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.097
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.098
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.099
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.7z
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.arj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.bz2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.cab
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.gz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.gzip
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.jar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.kz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.lzh
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.mou
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.rar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.rpm
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tbz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.tgz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.wim
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.z
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip.zip
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ape
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.bin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.ccd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.cue
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.flac
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.iso
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.isz
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mdf
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.mds
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.nrg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.vcd
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount.wv
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZipMount_FileAsso.Origin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\KuaiZip_FileAsso.Origin
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.ContextMenuExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.DragDropMenu.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KYDropHandler.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KzShlobj
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.KzShlobj.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\QZipShell.PropertyExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{86C4C3BA-4EA4-4CF8-98B9-6B07B477B835}
[-] Key deleted: HKU\.DEFAULT\Software\UCBrowser
[-] Key deleted: HKU\.DEFAULT\Software\KuaiZip
[-] Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\Installer
[-] Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\UCBrowser
[-] Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\UCBrowserPID
[-] Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\AutoTime
[-] Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\KuaiZip
[-] Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\SNDA
[-] Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\KuaiZipSFX
[-] Key deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\SaFiPlayer
[#] Key deleted on reboot: HKU\S-1-5-18\Software\UCBrowser
[#] Key deleted on reboot: HKU\S-1-5-18\Software\KuaiZip
[#] Key deleted on reboot: HKCU\Software\Installer
[#] Key deleted on reboot: HKCU\Software\UCBrowser
[#] Key deleted on reboot: HKCU\Software\UCBrowserPID
[#] Key deleted on reboot: HKCU\Software\AutoTime
[#] Key deleted on reboot: HKCU\Software\KuaiZip
[#] Key deleted on reboot: HKCU\Software\SNDA
[#] Key deleted on reboot: HKCU\Software\KuaiZipSFX
[#] Key deleted on reboot: HKCU\Software\SaFiPlayer
[-] Key deleted: HKLM\SOFTWARE\UCBrowser
[-] Key deleted: HKLM\SOFTWARE\UCBrowserPID
[-] Key deleted: HKLM\SOFTWARE\SaFiPlayer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PopupProduct
[#] Key deleted on reboot: [x64] HKCU\Software\Installer
[#] Key deleted on reboot: [x64] HKCU\Software\UCBrowser
[#] Key deleted on reboot: [x64] HKCU\Software\UCBrowserPID
[#] Key deleted on reboot: [x64] HKCU\Software\AutoTime
[#] Key deleted on reboot: [x64] HKCU\Software\KuaiZip
[#] Key deleted on reboot: [x64] HKCU\Software\SNDA
[#] Key deleted on reboot: [x64] HKCU\Software\KuaiZipSFX
[#] Key deleted on reboot: [x64] HKCU\Software\SaFiPlayer
[-] Key deleted: [x64] HKLM\SOFTWARE\UCBrowser
[-] Value deleted: HKU\S-1-5-21-4039880186-1844316042-2073029014-1000\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [msiql]
[-] Key deleted: HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
[-] Value deleted: HKLM\SOFTWARE\RegisteredApplications [UCBrowser]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [kuaizipupdatesvc]
[-] Key deleted: HKLM\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\KuaiZipShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
[-] Key deleted: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\KuaiZipShlExt


***** [ Browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4267 Bytes] - [10/01/2017 18:06:42]
C:\AdwCleaner\AdwCleaner[C2].txt - [23788 Bytes] - [14/01/2017 08:00:25]
C:\AdwCleaner\AdwCleaner[R0].txt - [5994 Bytes] - [21/01/2015 22:06:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [6462 Bytes] - [21/01/2015 22:08:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [3854 Bytes] - [10/01/2017 18:05:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [20947 Bytes] - [14/01/2017 07:59:06]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [24160 Bytes] ##########